Controlling a device based upon steganographically encoded data

ABSTRACT

A method includes receiving, at a first device, data representing a graphic. The graphic includes non-uniformly toned regions with information steganographically encoded therein. The steganographically encoded information is decoded from the received data. The method also includes communicating with a second device and receiving data from the second device. An aspect of operation of the first device is controlled in accordance with the data received from the second device. The data received from the second device is a function of the decoded information.

CROSS-REFERENCE TO RELATED PATENT APPLICATIONS

This application is a Divisional of U.S. application Ser. No.12/324,422, filed Nov. 26, 2008, (now U.S. Pat. No. 7,987,245)incorporated herein by reference in its entirety, which is a Divisionalof U.S. application Ser. No. 11/265,544, filed Nov. 2, 2005, (now U.S.Pat. No. 7,461,136), incorporated herein by reference in its entirety,which is a Continuation of U.S. application Ser. No. 09/941,243, filedAug. 28, 2001, (now U.S. Pat. No. 7,058,697), incorporated herein byreference in its entirety, which is a Continuation of U.S. applicationSer. No. 09/464,307, filed Dec. 15, 1999, (now U.S. Pat. No. 6,286,036),incorporated herein by reference in its entirety, which is a Divisionalof U.S. application Ser. No. 09/130,624, filed Aug. 6, 1998, (now U.S.Pat. No. 6,324,573), incorporated herein by reference in its entirety,which is a Continuation of U.S. application Ser. No. 08/508,083, filedJul. 27, 1995, (now U.S. Pat. 5,841,978), incorporated herein byreference in its entirety.

The subject matter of the present application is also related to thatdisclosed in applicant's four applications filed May 8, 1995:application Ser. Nos. 08/436,098 (now U.S. Pat. No. 5,636,292);application Ser. No. 08/436,099 (now U.S. Pat. No. 5,710,834);application Ser. No. 08/436,134 (now U.S. Pat. No. 5,748,763); andapplication Ser. No. 08/438,159 (now U.S. Pat. No. 5,850,481), andapplication Ser. No. 08/154,866, filed Nov. 18, 1993 (abandoned),application Ser. No. 08/215,289, filed Mar. 17, 1994 (abandoned),application Ser. No. 08/327,426, filed Oct. 21, 1994 (U.S. Pat. No.5,768,426), and PCT/US94/13366, filed Nov. 16, 1994. The disclosures ofthese prior applications are incorporated herein by reference.

TECHNICAL FIELD

The present technology relates to the field of computer networknavigation, such as navigation and routing of instructions on theInternet. More particularly, the technology concerns a new method forautomatically linking from one computer site to another, also known as a“link” or “hot link” method.

BACKGROUND AND SUMMARY

The World Wide Web (WWW) is a standardized graphic interface and networkprotocol to the Internet which is rapidly increasing in popularity andusage. Among many reasons for the growth in the WWW is the core featurethat allows a user to immediately “link” from one given web site toanother, merely by pointing to an object and clicking a button, wherethe object pointed to is usually a highlighted or otherwise clearlydistinguished line of text or image. Computerized documents containingsuch links are often referred to as “hypertext.”

Generally speaking, creators of a web site set up a site or page usingweb site development tools, such as the WebForce tools sold by SiliconGraphics. At a more mundane level, programmers use a language calledHypertext Markup Language (HTML) to generate the instructions necessaryfor a web site to function properly. Currently, the basic manner withwhich a “hot link” from one site to another is implemented is byspecifying within the programming language or the web site developmenttools which graphical object presented to a web site visitor will be thevisual link to another web site. Once the object is specified, theprogramming tools associate with this object a URL address, which is theInternet or web address of the web site to which the object points.Summarizing in a very general way, the creation of a graphical “hotlink” and its underlying URL address needs to be programmed in anon-automated manner.

Traditional methods of implementing hot links generally employ a “headerfile” that contains the URL address. The header file is attached to thegraphical object. Alternatively, a database management system is set up,whereby a graphical object has an index number attached such that adatabase of URL addresses can be searched using the index value. Both ofthese traditional approaches suffice in a well defined network systemwhere everyone agrees to abide by identical protocols and to use thesame header files and/or database procedures. Moreover, these methodsrequire agreement on how this information is transferred when going fromone system to another.

In the case of the Internet, however, and the current World Wide Web,there is a huge range of graphical objects that are representable, andthe ideal of a universal data file format is far from being realized.Instead, a multitude of file formats are used, and most of them do nothave a simple means whereby a URL address could become attached in a waythat would also facilitate, by not conflicting with, the continueddevelopment of standards to attach URL addresses.

It is desirable, therefore, to find a linking method whereby a givenobject can effectively comprise both a graphical representation to auser and the URL address, thereby to serve as a hot link. In such a way,a web site developer need only include a pointer to the object (often anobject with which the developer is accustomed to using), and theunderlying tools and web site browsers will recognize the object as ahot link. One way to provide such a system would be to associate URLaddresses directly with a graphical object, and, preferably, providesome indication that this object is in the hot link class. The linkingmethods disclosed herein address this goal. One embodiment of thetechnology provides a common sense method whereby all web browsers andweb tools can easily attach (i.e., embed) URL addresses to graphicalobjects. The method easily integrates into the current system in a waythat does not require sweeping changes to well-entrenched file formatsand transmission protocols.

Once steganographic methods of “hot link” navigation take hold, then, asnew file formats and transmission protocols develop, more traditionalmethods of “header-based” information attachment can enhance the basicsystem built by a steganographic-based system. In this way,steganographic implementation of the present technology pays due heed tothe huge installed base of file formats existing today, paving the waytoward simpler attached information implementations. Steganographicmethods will retain one differential property in that, at least for morerobust forms of steganography, address and index information can survivegoing into and out of the digital and network domain.

Another aspect of the present technology pertains to unauthorized useand outright piracy of proprietary source material which, since timeimmemorial, has been a source of lost revenue, confusion, and artisticcorruption.

These historical problems have been compounded by the advent of digitaltechnology. With it, the technology of copying materials andredistributing them in unauthorized manners has reached new heights ofsophistication, and more importantly, omnipresence. Lacking objectivemeans for comparing an alleged copy of material with the original,owners and litigation proceedings are left with a subjective opinion ofwhether the alleged copy is stolen, or has been used in an unauthorizedmanner. Furthermore, there is no simple means of tracing a path to anoriginal purchaser of the material—something which can be valuable intracing where a possible “leak” of the material first occurred.

A variety of methods for protecting commercial material have beenattempted. One is to scramble signals via an encoding method prior todistribution, and descramble prior to use. This technique, however, isof little use in mass market audio and visual media, where even a fewdollars extra cost causes a major reduction in market, and where thesignal must eventually be descrambled to be perceived, and thus can beeasily recorded.

Another class of techniques relies on modification of source audio orvideo signals to include a subliminal identification signal, which canbe sensed by electronic means. Examples of such systems are found inU.S. Pat. No. 4,972,471 and European patent publication EP 441,702, aswell as in Komatsu et al, “Authentication System Using Concealed Imagein Telematics,” Memoirs of the School of Science & Engineering, WasedaUniversity, No. 52, p. 45-60 (1988) (Komatsu uses the term “digitalwatermark” for this technique). These techniques have the commoncharacteristic that deterministic signals with well defined patterns andsequences within the source material convey the identificationinformation. For certain applications this is not a drawback. But ingeneral, this is an inefficient form of embedding identificationinformation for a variety of reasons: (a) the whole of the sourcematerial is not used; (b) deterministic patterns have a higherlikelihood of being discovered and removed by a would-be pirate; and (c)the signals are not generally ‘holographic’ in that identifications maybe difficult to make given only sections of the whole. (‘Holographic’ isused herein to refer to the property that the identification informationis distributed globally throughout the coded signal, and can be fullydiscerned from an examination of even a fraction of the coded signal.Coding of this type is sometimes termed “distributed” herein.)

Among the cited references are descriptions of several programs whichperform steganography—described in one document as “ . . . the ancientart of hiding information in some otherwise inconspicuous information.”These programs variously allow computer users to hide their own messagesinside digital image files and digital audio files. All do so bytoggling the least significant bit (the lowest order bit of a singledata sample) of a given audio data stream or rasterized image. Some ofthese programs embed messages quite directly into the least significantbit, while other “pre-encrypt” or scramble a message first and thenembed the encrypted data into the least significant bit.

Our current understanding of these programs is that they generally relyon error-free transmission of the of digital data in order to correctlytransmit a given message in its entirety. Typically the message ispassed only once, i.e., it is not repeated. These programs also seem to“take over” the least significant bit entirely, where actual data isobliterated and the message placed accordingly. This might mean thatsuch codes could be easily erased by merely stripping off the leastsignificant bit of all data values in a given image or audio file. It isthese and other considerations which suggest that the only similaritybetween the present technology and the established art of steganographyis in the placement of information into data files with minimalperceptibility. The specifics of embedding and the uses of that buriedinformation diverge from there.

Another cited reference is U.S. Pat. No. 5,325,167 to Melen. In theservice of authenticating a given document, the high precision scanningof that document reveals patterns and “microscopic grain structure”which apparently is a kind of unique fingerprint for the underlyingdocument media, such as paper itself or post-applied materials such astoner. Melen further teaches that scanning and storing this fingerprintcan later be used in authentication by scanning a purported document andcomparing it to the original fingerprint. Applicant is aware of asimilar idea employed in the very high precision recording of creditcard magnetic strips, as reported in the Feb. 8, 1994, Wall StreetJournal, page BI, wherein very fine magnetic fluxuations tend to beunique from one card to the next, so that credit card authentication canbe achieved through pre-recording these fluxuations later to be comparedto the recordings of the purportedly same credit card.

Both of the foregoing techniques appear to rest on the sameidentification principles on which the mature science of fingerprintanalysis rests: the innate uniqueness of some localized physicalproperty. These methods then rely upon a single judgement and/ormeasurement of “similarity” or “correlation” between a suspect and apre-recording master. Though fingerprint analysis has brought this to ahigh art, these methods are nevertheless open to a claim thatpreparations of the samples, and the “filtering” and “scannerspecifications” of Melen's patent, unavoidably tend to bias theresulting judgement of similarity, and would create a need for moreesoteric “expert testimony” to explain the confidence of a found matchor mismatch. It is desirable to avoid this reliance on expert testimonyand to place the confidence in a match into simple “coin flip”vernacular, i.e., what are the odds you can call the correct coin flip16 times in a row. Attempts to identify fragments of a fingerprint,document, or otherwise, exacerbate this issue of confidence in ajudgment. It is desirable, therefore, to objectively apply the intuitive“coin flip” confidence to the smallest fragment possible. Also, storingunique fingerprints for each and every document or credit card magneticstrip, and having these fingerprints readily available for latercross-checking, should prove to be quite an economic undertaking Itwould be preferred to allow for the “re-use” of noise codes and “snowyimages” in the service of easing storage requirements.

Despite the foregoing and other diverse work in the field ofidentification/authentication, there still remains a need for a reliableand efficient method for performing a positive identification between acopy of an original signal and the original. Desirably, this methodshould not only perform identification, it should also be able to conveysource-version information in order to better pinpoint the point ofsale. The method should not compromise the innate quality of materialwhich is being sold, as does the placement of localized logos on images.The method should be robust so that an identification can be made evenafter multiple copies have been made and/or compression anddecompression of the signal has taken place. The identification methodshould be largely uneraseable or “uncrackable.” The method should becapable of working even on fractional pieces of the original signal,such as a 10 second “riff” of an audio signal or the “clipped andpasted” sub-section of an original image.

The existence of such a method would have profound consequences onpiracy in that it could (a) cost effectively monitor for unauthorizeduses of material and perform “quick checks”; (b) become a deterrent tounauthorized uses when the method is known to be in use and theconsequences well publicized; and (c) provide unequivocal proof ofidentity, similar to fingerprint identification, in litigation, withpotentially more reliability than that of fingerprinting.

In accordance with exemplary embodiments of the present technology, theforegoing and additional objects are achieved by embedding animperceptible identification code throughout a source signal. In thepreferred embodiment, this embedding is achieved by modulating thesource signal with a small noise signal in a coded fashion. Moreparticularly, bits of a binary identification code are referenced, oneat a time, to control modulation of the source signal with the noisesignal.

The copy with the embedded signal (the “encoded” copy) becomes thematerial which is sold, while the original is secured in a safe place.The new copy is nearly identical to the original except under the finestof scrutiny; thus, its commercial value is not compromised. After thenew copy has been sold and distributed and potentially distorted bymultiple copies, the present disclosure details methods for positivelyidentifying any suspect signal against the original.

Among its other advantages, the preferred embodiments' use ofidentification signals which are global (holographic) and which mimicnatural noise sources allows the maximization of identification signalenergy, as opposed to merely having it present ‘somewhere in theoriginal material.’ This allows the identification coding to be muchmore robust in the face of thousands of real world degradation processesand material transformations, such as cutting and cropping of imagery.

It will be appreciated that the embedded information is readily adaptedto serve as a primary component of a preferred network linking method asmentioned above.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simple and classic depiction of a one dimensional digitalsignal which is discretized in both axes.

FIG. 2 is a general overview, with detailed description of steps, of theprocess of embedding an “imperceptible” identification signal ontoanother signal.

FIG. 3 is a step-wise description of how a suspected copy of an originalis identified.

FIG. 4 is a schematic view of an apparatus for pre-exposing film withidentification information in accordance with another embodiment.

FIG. 5 is a diagram of a “black box” embodiment of the presenttechnology.

FIG. 6 is a schematic block diagram of the embodiment of FIG. 5.

FIG. 7 shows a variant of the FIG. 6 embodiment adapted to encodesuccessive sets of input data with different code words but with thesame noise data.

FIG. 8 shows a variant of the FIG. 6 embodiment adapted to encode eachframe of a videotaped production with a unique code number.

FIGS. 9A-9C are representations of an industry standard noise secondthat can be used in one embodiment of the present technology.

FIG. 10 shows an integrated circuit used in detecting standard noisecodes.

FIG. 11 shows a process flow for detecting a standard noise code thatcan be used in the FIG. 10 embodiment.

FIG. 12 is an embodiment employing a plurality of detectors inaccordance with another embodiment of the present technology.

FIG. 13 shows an embodiment of the present technology in which apseudo-random noise frame is generated from an image.

FIG. 14 illustrates how statistics of a signal can be used in aid ofdecoding.

FIG. 15 shows how a signature signal can be preprocessed to increase itsrobustness in view of anticipated distortion, e.g. MPEG.

FIGS. 16 and 17 show embodiments of the technology in which informationabout a file is detailed both in a header, and in the file itself.

FIGS. 18-20 show details relating to embodiments of the presenttechnology using rotationally symmetric patterns.

FIGS. 21A and 21B show how the technology can be practiced by encoding“bumps” rather than pixels.

FIGS. 22-26 detail aspects of a security card according to oneembodiment of the present technology.

FIG. 27 is a diagram, illustrating the aspect of the technology thatprovides a network linking method using information embedded in dataobjects that have inherent noise.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

In the following discussion of an illustrative embodiment, the words“signal” and “image” are used interchangeably to refer to both one, two,and even beyond two dimensions of digital signal. Examples willroutinely switch back and forth between a one dimensional audio-typedigital signal and a two dimensional image-type digital signal.

In order to fully describe the details of an illustrative embodiment ofthe technology, it is necessary first to describe the basic propertiesof a digital signal. FIG. 1 shows a classic representation of a onedimensional digital signal. The x-axis defines the index numbers ofsequence of digital “samples,” and the y-axis is the instantaneous valueof the signal at that sample, being constrained to exist only at afinite number of levels defined as the “binary depth” of a digitalsample. The example depicted in FIG. 1 has the value of 2 to the fourthpower, or “4 bits,” giving 16 allowed states of the sample value.

For audio information such as sound waves, it is commonly accepted thatthe digitization process discretizes a continuous phenomena both in thetime domain and in the signal level domain. As such, the process ofdigitization itself introduces a fundamental error source, in that itcannot record detail smaller than the discretization interval in eitherdomain. The industry has referred to this, among other ways, as“aliasing” in the time domain, and “quantization noise” in the signallevel domain. Thus, there will always be a basic error floor of adigital signal. Pure quantization noise, measured in a root mean squaresense, is theoretically known to have the value of one over the squareroot of twelve, or about 0.29 DN, where DN stands for ‘Digital Number’or the finest unit increment of the signal level. For example, a perfect12-bit digitizer will have 4096 allowed DN with an innate root meansquare noise floor of ˜0.29 DN.

All known physical measurement processes add additional noise to thetransformation of a continuous signal into the digital form. Thequantization noise typically adds in quadrature (square root of the meansquares) to the “analog noise” of the measurement process, as it issometimes referred to.

With almost all commercial and technical processes, the use of thedecibel scale is used as a measure of signal and noise in a givenrecording medium. The expression “signal-to-noise ratio” is generallyused, as it will be in this disclosure. As an example, this disclosurerefers to signal to noise ratios in terms of signal power and noisepower, thus 20 dB represents a 10 times increase in signal amplitude.

In summary, the presently preferred embodiments of the technology embedan N-bit value onto an entire signal through the addition of a very lowamplitude encodation signal which has the look of pure noise. N isusually at least 8 and is capped on the higher end by ultimatesignal-to-noise considerations and “bit error” in retrieving anddecoding the N-bit value. As a practical matter, N is chosen based onapplication specific considerations, such as the number of uniquedifferent “signatures” that are desired. To illustrate, if N=128, thenthe number of unique digital signatures is in excess of 10^^38 (2^^128).This number is believed to be more than adequate to both identify thematerial with sufficient statistical certainty and to index exact saleand distribution information.

The amplitude or power of this added signal is determined by theaesthetic and informational considerations of each and every applicationusing the present methodology. For instance, non-professional video canstand to have a higher embedded signal level without becoming noticeableto the average human eye, while high precision audio may only be able toaccept a relatively small signal level lest the human ear perceive anobjectionable increase in “hiss.” These statements are generalities andeach application has its own set of criteria in choosing the signallevel of the embedded identification signal. The higher the level ofembedded signal, the more corrupted a copy can be and still beidentified. On the other hand, the higher the level of embedded signal,the more objectionable the perceived noise might be, potentiallyimpacting the value of the distributed material.

To illustrate the range of different applications to which theprinciples of the present technology can be applied, the presentspecification details two different systems. The first (termed, for lackof a better name, a “batch encoding” system), applies identificationcoding to an existing data signal. The second (termed, for lack of abetter name, a “real time encoding” system), applies identificationcoding to a signal as it is produced. Those skilled in the art willrecognize that the principles of the present technology can be appliedin a number of other contexts in addition to these particularlydescribed.

The discussions of these two systems can be read in either order. Somereaders may find the latter more intuitive than the former; for othersthe contrary may be true.

Batch Encoding

The following discussion of a first class of embodiments is bestprefaced by a section defining relevant terms:

The original signal refers to either the original digital signal or thehigh quality digitized copy of a non-digital original.

The N-bit identification word refers to a unique identification binaryvalue, typically having N range anywhere from 8 to 128, which is theidentification code ultimately placed onto the original signal via thedisclosed transformation process. In the illustrated embodiment, eachN-bit identification word begins with the sequence of values ‘0101,’which is used to determine an optimization of the signal-to-noise ratioin the identification procedure of a suspect signal (see definitionbelow).

The m'th bit value of the N-bit identification word is either a zero orone corresponding to the value of the m'th place, reading left to right,of the N-bit word. E.g., the first (m=1) bit value of the N=8identification word 01110100 is the value ‘0;’ the second bit value ofthis identification word is ‘1’, etc.

The m'th individual embedded code signal refers to a signal which hasdimensions and extent precisely equal to the original signal (e.g. bothare a 512 by 512 digital image), and which is (in the illustratedembodiment) an independent pseudo-random sequence of digital values.“Pseudo” pays homage to the difficulty in philosophically defining purerandomness, and also indicates that there are various acceptable ways ofgenerating the “random” signal. There will be exactly N individualembedded code signals associated with any given original signal.

The acceptable perceived noise level refers to an application-specificdetermination of how much “extra noise,” i.e. amplitude of the compositeembedded code signal described next, can be added to the original signaland still have an acceptable signal to sell or otherwise distribute.This disclosure uses a 1 dB increase in noise as a typical value whichmight be acceptable, but this is quite arbitrary.

The composite embedded code signal refers to the signal which hasdimensions and extent precisely equal to the original signal, (e.g. bothare a 512 by 512 digital image), and which contains the addition andappropriate attenuation of the N individual embedded code signals. Theindividual embedded signals are generated on an arbitrary scale, whereasthe amplitude of the composite signal must not exceed the pre-setacceptable perceived noise level, hence the need for “attenuation” ofthe N added individual code signals.

The distributable signal refers to the nearly similar copy of theoriginal signal, consisting of the original signal plus the compositeembedded code signal. This is the signal which is distributed to theoutside community, having only slightly higher but acceptable “noiseproperties” than the original.

A suspect signal refers to a signal which has the general appearance ofthe original and distributed signal and whose potential identificationmatch to the original is being questioned. The suspect signal is thenanalyzed to see if it matches the N-bit identification word.

The detailed methodology of this first embodiment begins by stating thatthe N-bit identification word is encoded onto the original signal byhaving each of the m bit values multiply their corresponding individualembedded code signals, the resultant being accumulated in the compositesignal, the fully summed composite signal then being attenuated down tothe acceptable perceived noise amplitude, and the resultant compositesignal added to the original to become the distributable signal.

The original signal, the N-bit identification word, and all N individualembedded code signals are then stored away in a secured place. A suspectsignal is then found. This signal may have undergone multiple copies,compressions and decompressions, resamplings onto different spaceddigital signals, transfers from digital to analog back to digital media,or any combination of these items. IF the signal still appears similarto the original, i.e. its innate quality is not thoroughly destroyed byall of these transformations and noise additions, then depending on thesignal to noise properties of the embedded signal, the identificationprocess should function to some objective degree of statisticalconfidence. The extent of corruption of the suspect signal and theoriginal acceptable perceived noise level are two key parameters indetermining an expected confidence level of identification.

The identification process on the suspected signal begins by resamplingand aligning the suspected signal onto the digital format and extent ofthe original signal. Thus, if an image has been reduced by a factor oftwo, it needs to be digitally enlarged by that same factor. Likewise, ifa piece of music has been “cut out,” but may still have the samesampling rate as the original, it is necessary to register this cut-outpiece to the original, typically done by performing a local digitalcross-correlation of the two signals (a common digital operation),finding at what delay value the correlation peaks, then using this founddelay value to register the cut piece to a segment of the original.

Once the suspect signal has been sample-spacing matched and registeredto the original, the signal levels of the suspect signal should bematched in an rms sense to the signal level of the original. This can bedone via a search on the parameters of offset, amplification, and gammabeing optimized by using the minimum of the mean squared error betweenthe two signals as a function of the three parameters. We can call thesuspect signal normalized and registered at this point, or justnormalized for convenience.

The newly matched pair then has the original signal subtracted from thenormalized suspect signal to produce a difference signal. The differencesignal is then cross-correlated with each of the N individual embeddedcode signals and the peak cross-correlation value recorded. The firstfour bit code (‘0101’) is used as a calibrator both on the mean valuesof the zero value and the one value, and on further registration of thetwo signals if a finer signal to noise ratio is desired (i.e., theoptimal separation of the 0101 signal will indicate an optimalregistration of the two signals and will also indicate the probableexistence of the N-bit identification signal being present.)

The resulting peak cross-correlation values will form a noisy series offloating point numbers which can be transformed into 0's and 1's bytheir proximity to the mean values of 0 and 1 found by the 0101calibration sequence. If the suspect signal has indeed been derived fromthe original, the identification number resulting from the above processwill match the N-bit identification word of the original, bearing inmind either predicted or unknown “bit error” statistics. Signal-to-noiseconsiderations will determine if there will be some kind of “bit error”in the identification process, leading to a form of X % probability ofidentification where X might be desired to be 99.9% or whatever. If thesuspect copy is indeed not a copy of the original, an essentially randomsequence of 0's and 1's will be produced, as well as an apparent lack ofseparation of the resultant values. This is to say, if the resultantvalues are plotted on a histogram, the existence of the N-bitidentification signal will exhibit strong bi-level characteristics,whereas the non-existence of the code, or the existence of a differentcode of a different original, will exhibit a type of randomgaussian-like distribution. This histogram separation alone should besufficient for an identification, but it is even stronger proof ofidentification when an exact binary sequence can be objectivelyreproduced.

SPECIFIC EXAMPLE

Imagine that we have taken a valuable picture of two heads of state at acocktail party, pictures which are sure to earn some reasonable fee inthe commercial market. We desire to sell this picture and ensure that itis not used in an unauthorized or uncompensated manner. This and thefollowing steps are summarized in FIG. 2.

Assume the picture is transformed into a positive color print. We firstscan this into a digitized form via a normal high quality black andwhite scanner with a typical photometric spectral response curve. (It ispossible to get better ultimate signal to noise ratios by scanning ineach of the three primary colors of the color image, but this nuance isnot central to describing the basic process.)

Let us assume that the scanned image now becomes a 4000 by 4000 pixelmonochrome digital image with a grey scale accuracy defined by 12-bitgrey values or 4096 allowed levels. We will call this the “originaldigital image” realizing that this is the same as our “original signal”in the above definitions.

During the scanning process we have arbitrarily set absolute black tocorrespond to digital value ‘30’. We estimate that there is a basic 2Digital Number root mean square noise existing on the original digitalimage, plus a theoretical noise (known in the industry as “shot noise”)of the square root of the brightness value of any given pixel. Informula, we have:<RMS Noise_(n,m)>=sqrt(4+(V _(n,m)−30))  (1)

Here, n and m are simple indexing values on rows and columns of theimage ranging from 0 to 3999. Sqrt is the square root. V is the DN of agiven indexed pixel on the original digital image. The < > bracketsaround the RMS noise merely indicates that this is an expected averagevalue, where it is clear that each and every pixel will have a randomerror individually. Thus, for a pixel value having 1200 as a digitalnumber or “brightness value”, we find that its expected rms noise valueis sqrt(1204)=34.70, which is quite close to 34.64, the square root of1200.

We furthermore realize that the square root of the innate brightnessvalue of a pixel is not precisely what the eye perceives as a minimumobjectionable noise, thus we come up with the formula:<RMS Addable Noise_(n,m) >=X*sqrt(4+(V _(n,m)−30)^Y)  (2)

Where X and Y have been added as empirical parameters which we willadjust, and “addable” noise refers to our acceptable perceived noiselevel from the definitions above. We now intend to experiment with whatexact value of X and Y we can choose, but we will do so at the same timethat we are performing the next steps in the process.

The next step in our process is to choose N of our N-bit identificationword. We decide that a 16 bit main identification value with its 65536possible values will be sufficiently large to identify the image asours, and that we will be directly selling no more than 128 copies ofthe image which we wish to track, giving 7 bits plus an eighth bit foran odd/even adding of the first 7 bits (i.e. an error checking bit onthe first seven). The total bits required now are at 4 bits for the 0101calibration sequence, 16 for the main identification, 8 for the version,and we now throw in another 4 as a further error checking value on thefirst 28 bits, giving 32 bits as N. The final 4 bits can use one of manyindustry standard error checking methods to choose its four values.

We now randomly determine the 16 bit main identification number, findingfor example, 1101 0001 1001 1110; our first versions of the originalsold will have all 0's as the version identifier, and the error checkingbits will fall out where they may. We now have our unique 32 bitidentification word which we will embed on the original digital image.

To do this, we generate 32 independent random 4000 by 4000 encodingimages for each bit of our 32 bit identification word. The manner ofgenerating these random images is revealing. There are numerous ways togenerate these. By far the simplest is to turn up the gain on the samescanner that was used to scan in the original photograph, only this timeplacing a pure black image as the input, then scanning this 32 times.The only drawback to this technique is that it does require a largeamount of memory and that “fixed pattern” noise will be part of eachindependent “noise image.” But, the fixed pattern noise can be removedvia normal “dark frame” subtraction techniques. Assume that we set theabsolute black average value at digital number ‘100,’ and that ratherthan finding a 2 DN rms noise as we did in the normal gain setting, wenow find an rms noise of 10 DN about each and every pixel's mean value.

We next apply a mid-spatial-frequency bandpass filter (spatialconvolution) to each and every independent random image, essentiallyremoving the very high and the very low spatial frequencies from them.We remove the very low frequencies because simple real-world errorsources like geometrical warping, splotches on scanners,mis-registrations, and the like will exhibit themselves most at lowerfrequencies also, and so we want to concentrate our identificationsignal at higher spatial frequencies in order to avoid these types ofcorruptions. Likewise, we remove the higher frequencies because multiplegeneration copies of a given image, as well as compression-decompressiontransformations, tend to wipe out higher frequencies anyway, so there isno point in placing too much identification signal into thesefrequencies if they will be the ones most prone to being attenuated.Therefore, our new filtered independent noise images will be dominatedby mid-spatial frequencies. On a practical note, since we are using12-bit values on our scanner and we have removed the DC valueeffectively and our new rms noise will be slightly less than 10 digitalnumbers, it is useful to boil this down to a 6-bit value ranging from−32 through 0 to 31 as the resultant random image.

Next we add all of the random images together which have a ‘1’ in theircorresponding bit value of the 32-bit identification word, accumulatingthe result in a 16-bit signed integer image. This is the unattenuatedand un-scaled version of the composite embedded signal.

Next we experiment visually with adding the composite embedded signal tothe original digital image, through varying the X and Y parameters ofequation 2. In formula, we visually iterate to both maximize X and tofind the appropriate Y in the following:V _(dist;n,m) =V _(orign,m) +V _(comp;n,m) *X*sqrt(4+V _(orig;n,m)^Y)  (3)

where dist refers to the candidate distributable image, i.e. we arevisually iterating to find what X and Y will give us an acceptableimage; orig refers to the pixel value of the original image; and comprefers to the pixel value of the composite image. The n's and m's stillindex rows and columns of the image and indicate that this operation isdone on all 4000 by 4000 pixels. The symbol V is the DN of a given pixeland a given image.

As an arbitrary assumption, now, we assume that our visualexperimentation has found that the value of X=0.025 and Y=0.6 areacceptable values when comparing the original image with the candidatedistributable image. This is to say, the distributable image with the“extra noise” is acceptably close to the original in an aesthetic sense.Note that since our individual random images had a random rms noisevalue around 10 DN, and that adding approximately 16 of these imagestogether will increase the composite noise to around 40 DN, the Xmultiplication value of 0.025 will bring the added rms noise back toaround 1 DN, or half the amplitude of our innate noise on the original.This is roughly a 1 dB gain in noise at the dark pixel values andcorrespondingly more at the brighter values modified by the Y value of0.6.

So with these two values of X and Y, we now have constructed our firstversions of a distributable copy of the original. Other versions willmerely create a new composite signal and possibly change the X slightlyif deemed necessary. We now lock up the original digital image alongwith the 32-bit identification word for each version, and the 32independent random 4-bit images, waiting for our first case of asuspected piracy of our original. Storage wise, this is about 14Megabytes for the original image and 32*0.5 bytes*16 million=˜256Megabytes for the random individual encoded images. This is quiteacceptable for a single valuable image. Some storage economy can begained by simple lossless compression.

Finding a Suspected Piracy of Our Image

We sell our image and several months later find our two heads of statein the exact poses we sold them in, seemingly cut and lifted out of ourimage and placed into another stylized background scene. This new“suspect” image is being printed in 100,000 copies of a given magazineissue, let us say. We now go about determining if a portion of ouroriginal image has indeed been used in an unauthorized manner. FIG. 3summarizes the details.

The first step is to take an issue of the magazine, cut out the pagewith the image on it, then carefully but not too carefully cut out thetwo figures from the background image using ordinary scissors. Ifpossible, we will cut out only one connected piece rather than the twofigures separately. We paste this onto a black background and scan thisinto a digital form. Next we electronically flag or mask out the blackbackground, which is easy to do by visual inspection.

We now procure the original digital image from our secured place alongwith the 32-bit identification word and the 32 individual embeddedimages. We place the original digital image onto our computer screenusing standard image manipulation software, and we roughly cut along thesame borders as our masked area of the suspect image, masking this imageat the same time in roughly the same manner. The word ‘roughly’ is usedsince an exact cutting is not needed, it merely aids the identificationstatistics to get it reasonably close.

Next we rescale the masked suspect image to roughly match the size ofour masked original digital image, that is, we digitally scale up ordown the suspect image and roughly overlay it on the original image.Once we have performed this rough registration, we then throw the twoimages into an automated scaling and registration program. The programperforms a search on the three parameters of x position, y position, andspatial scale, with the figure of merit being the mean squared errorbetween the two images given any given scale variable and x and yoffset. This is a fairly standard image processing methodology.Typically this would be done using generally smooth interpolationtechniques and done to sub-pixel accuracy. The search method can be oneof many, where the simplex method is a typical one.

Once the optimal scaling and x-y position variables are found, nextcomes another search on optimizing the black level, brightness gain, andgamma of the two images. Again, the figure of merit to be used is meansquared error, and again the simplex or other search methodologies canbe used to optimize the three variables. After these three variables areoptimized, we apply their corrections to the suspect image and align itto exactly the pixel spacing and masking of the original digital imageand its mask. We can now call this the standard mask.

The next step is to subtract the original digital image from the newlynormalized suspect image only within the standard mask region. This newimage is called the difference image.

Then we step through all 32 individual random embedded images, doing alocal cross-correlation between the masked difference image and themasked individual embedded image. ‘Local’ refers to the idea that oneneed only start correlating over an offset region of +/−1 pixels ofoffset between the nominal registration points of the two images foundduring the search procedures above. The peak correlation should be veryclose to the nominal registration point of 0,0 offset, and we can addthe 3 by 3 correlation values together to give one grand correlationvalue for each of the 32 individual bits of our 32-bit identificationword.

After doing this for all 32 bit places and their corresponding randomimages, we have a quasi-floating point sequence of 32 values. The firstfour values represent our calibration signal of 0101. We now take themean of the first and third floating point value and call this floatingpoint value ‘0,’ and we take the mean of the second and the fourth valueand call this floating point value ‘1’. We then step through allremaining 28 bit values and assign either a ‘0’ or a ‘1’ based simply onwhich mean value they are closer to. Stated simply, if the suspect imageis indeed a copy of our original, the embedded 32-bit resulting codeshould match that of our records, and if it is not a copy, we should getgeneral randomness. The third and the fourth possibilities of 3) is acopy but doesn't match identification number and 4) isn't a copy butdoes match are, in the case of 3), possible if the signal to noise ratioof the process has plummeted, i.e. the ‘suspect image’ is truly a verypoor copy of the original, and in the case of 4) is basically one chancein four billion since we were using a 32-bit identification number. Ifwe are truly worried about 4), we can just have a second independent labperform their own tests on a different issue of the same magazine.Finally, checking the error-check bits against what the values give isone final and possibly overkill check on the whole process. Insituations where signal to noise is a possible problem, these errorchecking bits might be eliminated without too much harm.

Benefits

Now that a full description of the first embodiment has been describedvia a detailed example, it is appropriate to point out the rationale ofsome of the process steps and their benefits.

The ultimate benefits of the foregoing process are that obtaining anidentification number is fully independent of the manners and methods ofpreparing the difference image. That is to say, the manners of preparingthe difference image, such as cutting, registering, scaling, etcetera,cannot increase the odds of finding an identification number when noneexists; it only helps the signal-to-noise ratio of the identificationprocess when a true identification number is present. Methods ofpreparing images for identification can be different from each othereven, providing the possibility for multiple independent methodologiesfor making a match.

The ability to obtain a match even on sub-sets of the original signal orimage is a key point in today's information-rich world. Cutting andpasting both images and sound clips is becoming more common, allowingsuch an embodiment to be used in detecting a copy even when originalmaterial has been thus corrupted. Finally, the signal to noise ratio ofmatching should begin to become difficult only when the copy materialitself has been significantly altered either by noise or by significantdistortion; both of these also will affect that copy's commercial value,so that trying to thwart the system can only be done at the expense of ahuge decrease in commercial value.

An early conception of this technology was the case where only a single“snowy image” or random signal was added to an original image, i.e. thecase where N=1. “Decoding” this signal would involve a subsequentmathematical analysis using (generally statistical) algorithms to make ajudgment on the presence or absence of this signal. The reason thisapproach was abandoned as the preferred embodiment was that there was aninherent gray area in the certainty of detecting the presence or absenceof the signal. By moving onward to a multitude of bit planes, i.e. N>1,combined with simple pre-defined algorithms prescribing the manner ofchoosing between a “0” and a “1”, the technology moved the certaintyquestion from the realm of expert statistical analysis into the realm ofguessing a random binary event such as a coin flip. This is seen as apowerful feature relative to the intuitive acceptance of this technologyin both the courtroom and the marketplace. The analogy which summarizesthe inventor's thoughts on this whole question is as follows: The searchfor a single identification signal amounts to calling a coin flip onlyonce, and relying on arcane experts to make the call; whereas the N>1preferred embodiment of this technology relies on the broadly intuitiveprinciple of correctly calling a coin flip N times in a row. Thissituation is greatly exacerbated, i.e. the problems of “interpretation”of the presence of a single signal, when images and sound clips getsmaller and smaller in extent.

Another important reason that the N>1 case is the preferred embodimentover the N=1 embodiment is that in the N=1 case, the manner in which asuspect image is prepared and manipulated has a direct bearing on thelikelihood of making a positive identification. Thus, the manner withwhich an expert makes an identification determination becomes anintegral part of that determination. The existence of a multitude ofmathematical and statistical approaches to making this determinationleave open the possibility that some tests might make positiveidentifications while others might make negative determinations,inviting further arcane debate about the relative merits of the variousidentification approaches. The N>1 preferred embodiment of thistechnology avoids this further gray area by presenting a method where noamount of pre-processing of a signal—other than pre-processing whichsurreptitiously uses knowledge of the private code signals—can increasethe likelihood of “calling the coin flip N times in a row.”

The fullest expression of the present system will come when it becomesan industry standard and numerous independent groups set up with theirown means or ‘in-house’ brand of applying embedded identificationnumbers and in their decipherment. Numerous independent groupidentification will further enhance the ultimate objectivity of themethod, thereby enhancing its appeal as an industry standard.

Use of True Polarity in Creating the Composite Embedded Code Signal

The foregoing discussion made use of the 0 and 1 formalism of binarytechnology to accomplish its ends. Specifically, the 0's and 1's of theN-bit identification word directly multiplied their correspondingindividual embedded code signal to form the composite embedded codesignal (step 8, FIG. 2). This approach certainly has its conceptualsimplicity, but the multiplication of an embedded code signal by 0 alongwith the storage of that embedded code contains a kind of inefficiency.

It is preferred to maintain the formalism of the 0 and 1 nature of theN-bit identification word, but to have the 0's of the word induce asubtraction of their corresponding embedded code signal. Thus, in step 8of FIG. 2, rather than only ‘adding’ the individual embedded codesignals which correspond to a ‘1’ in the N-bit identification word, wewill also ‘subtract’ the individual embedded code signals whichcorrespond to a ‘0’ in the N-bit identification word.

At first glance this seems to add more apparent noise to the finalcomposite signal. But it also increases the energy-wise separation ofthe 0's from the l's and thus the ‘gain’ which is applied in step 10,FIG. 2 can be correspondingly lower.

We can refer to this improvement as the use of true polarity. The mainadvantage of this improvement can largely be summarized as‘informational efficiency.’

‘Perceptual Orthogonality’ of the Individual Embedded Code Signals

The foregoing discussion contemplates the use of generally randomnoise-like signals as the individual embedded code signals. This isperhaps the simplest form of signal to generate. However, there is aform of informational optimization which can be applied to the set ofthe individual embedded signals, which the applicant describes under therubric ‘perceptual orthogonality.’ This term is loosely based on themathematical concept of the orthogonality of vectors, with the currentadditional requirement that this orthogonality should maximize thesignal energy of the identification information while maintaining itbelow some perceptibility threshold. Put another way, the embedded codesignals need not necessarily be random in nature.

Use and Improvements of the First Embodiment in the Field ofEmulsion-Based Photography

The foregoing discussion outlined techniques that are applicable tophotographic materials. The following section explores the details ofthis area further and discloses certain improvements which lendthemselves to a broad range of applications.

The first area to be discussed involves the pre-application orpre-exposing of a serial number onto traditional photographic products,such as negative film, print paper, transparencies, etc. In general,this is a way to embed a priori unique serial numbers (and byimplication, ownership and tracking information) into photographicmaterial. The serial numbers themselves would be a permanent part of thenormally exposed picture, as opposed to being relegated to the marginsor stamped on the back of a printed photograph, which all requireseparate locations and separate methods of copying. The ‘serial number’as it is called here is generally synonymous with the N-bitidentification word, only now we are using a more common industrialterminology.

In FIG. 2, step 11, the disclosure calls for the storage of the“original [image]” along with code images. Then in FIG. 3, step 9, itdirects that the original be subtracted from the suspect image, therebyleaving the possible identification codes plus whatever noise andcorruption has accumulated. Therefore, the previous disclosure made thetacit assumption that there exists an original without the compositeembedded signals.

Now in the case of selling print paper and other duplication filmproducts, this will still be the case, i.e., an “original” without theembedded codes will indeed exist and the basic methodology of the firstembodiment can be employed. The original film serves perfectly well asan ‘unencoded original.’

However, in the case where pre-exposed negative film is used, thecomposite embedded signal pre-exists on the original film and thus therewill never be an “original” separate from the pre-embedded signal. It isthis latter case, therefore, which will be examined a bit more closely,along with observations on how to best use the principles discussedabove (the former cases adhering to the previously outlined methods).

The clearest point of departure for the case of pre-numbered negativefilm, i.e. negative film which has had each and every frame pre-exposedwith a very faint and unique composite embedded signal, comes at step 9of FIG. 3 as previously noted. There are certainly other differences aswell, but they are mostly logistical in nature, such as how and when toembed the signals on the film, how to store the code numbers and serialnumber, etc. Obviously the pre-exposing of film would involve a majorchange to the general mass production process of creating and packagingfilm.

FIG. 4 has a schematic outlining one potential post-hoc mechanism forpre-exposing film. ‘Post-hoc’ refers to applying a process after thefull common manufacturing process of film has already taken place.Eventually, economies of scale may dictate placing this pre-exposingprocess directly into the chain of manufacturing film. Depicted in FIG.4 is what is commonly known as a film writing system. The computer, 106,displays the composite signal produced in step 8, FIG. 2, on itsphosphor screen. A given frame of film is then exposed by imaging thisphosphor screen, where the exposure level is generally very faint, i.e.generally imperceptible. Clearly, the marketplace will set its owndemands on how faint this should be, that is, the level of added‘graininess’ as practitioners would put it. Each frame of film issequentially exposed, where in general the composite image displayed onthe CRT 102 is changed for each and every frame, thereby giving eachframe of film a different serial number. The transfer lens 104highlights the focal conjugate planes of a film frame and the CRT face.

Getting back to the applying the principles of the foregoing embodimentin the case of pre-exposed negative film . . . . At step 9, FIG. 3, ifwe were to subtract the “original” with its embedded code, we wouldobviously be “erasing” the code as well since the code is an integralpart of the original. Fortunately, remedies do exist and identificationscan still be made. However, it will be a challenge to artisans whorefine this embodiment to have the signal to noise ratio of theidentification process in the pre-exposed negative case approach thesignal to noise ratio of the case where the un-encoded original exists.

A succinct definition of the problem is in order at this point. Given asuspect picture (signal), find the embedded identification code IF acode exists at al. The problem reduces to one of finding the amplitudeof each and every individual embedded code signal within the suspectpicture, not only within the context of noise and corruption as waspreviously explained, but now also within the context of the couplingbetween a captured image and the codes. ‘Coupling’ here refers to theidea that the captured image “randomly biases” the cross-correlation.

So, bearing in mind this additional item of signal coupling, theidentification process now estimates the signal amplitude of each andevery individual embedded code signal (as opposed to taking thecross-correlation result of step 12, FIG. 3). If our identificationsignal exists in the suspect picture, the amplitudes thus found willsplit into a polarity with positive amplitudes being assigned a ‘1’ andnegative amplitudes being assigned a ‘0’. Our unique identification codemanifests itself. If, on the other hand, no such identification codeexists or it is someone else's code, then a random gaussian-likedistribution of amplitudes is found with a random hash of values.

It remains to provide a few more details on how the amplitudes of theindividual embedded codes are found. Again, fortunately, this exactproblem has been treated in other technological applications. Besides,throw this problem and a little food into a crowded room ofmathematicians and statisticians and surely a half dozen optimizedmethodologies will pop out after some reasonable period of time. It is arather cleanly defined problem.

One specific example solution comes from the field of astronomicalimaging. Here, it is a mature prior art to subtract out a “thermal noiseframe” from a given CCD image of an object. Often, however, it is notprecisely known what scaling factor to use in subtracting the thermalframe, and a search for the correct scaling factor is performed. This isprecisely the task of this step of the present embodiment.

General practice merely performs a common search algorithm on thescaling factor, where a scaling factor is chosen and a new image iscreated according to:NEW IMAGE=ACQUIRED IMAGE-SCALE*THERMAL IMAGE  (4)

The new image is applied to the fast fourier transform routine and ascale factor is eventually found which minimizes the integrated highfrequency content of the new image. This general type of searchoperation with its minimization of a particular quantity is exceedinglycommon. The scale factor thus found is the sought-for “amplitude.”Refinements which are contemplated but not yet implemented are where thecoupling of the higher derivatives of the acquired image and theembedded codes are estimated and removed from the calculated scalefactor. In other words, certain bias effects from the coupling mentionedearlier are present and should be eventually accounted for and removedboth through theoretical and empirical experimentation.

Use and Improvements in the Detection of Signal or Image Alteration

Apart from the basic need of identifying a signal or image as a whole,there is also a rather ubiquitous need to detect possible alterations toa signal or image. The following section describes how the foregoingembodiment, with certain modifications and improvements, can be used asa powerful tool in this area. The potential scenarios and applicationsof detecting alterations are innumerable.

To first summarize, assume that we have a given signal or image whichhas been positively identified using the basic methods outlined above.In other words, we know its N-bit identification word, its individualembedded code signals, and its composite embedded code. We can thenfairly simply create a spatial map of the composite code's amplitudewithin our given signal or image. Furthermore, we can divide thisamplitude map by the known composite code's spatial amplitude, giving anormalized map, i.e. a map which should fluctuate about some global meanvalue. By simple examination of this map, we can visually detect anyareas which have been significantly altered wherein the value of thenormalized amplitude dips below some statistically set threshold basedpurely on typical noise and corruption (error).

The details of implementing the creation of the amplitude map have avariety of choices. One is to perform the same procedure which is usedto determine the signal amplitude as described above, only now we stepand repeat the multiplication of any given area of the signal/image witha gaussian weight function centered about the area we are investigating.

Universal Versus Custom Codes

The disclosure thus far has outlined how each and every source signalhas its own unique set of individual embedded code signals. This entailsthe storage of a significant amount of additional code information aboveand beyond the original, and many applications may merit some form ofeconomizing.

One such approach to economizing is to have a given set of individualembedded code signals be common to a batch of source materials. Forexample, one thousand images can all utilize the same basic set ofindividual embedded code signals. The storage requirements of thesecodes then become a small fraction of the overall storage requirementsof the source material.

Furthermore, some applications can utilize a universal set of individualembedded code signals, i.e., codes which remain the same for allinstances of distributed material. This type of requirement would beseen by systems which wish to hide the N-bit identification word itself,yet have standardized equipment be able to read that word. This can beused in systems which make go/no go decisions at point-of-readlocations. The potential drawback to this set-up is that the universalcodes are more prone to be sleuthed or stolen; therefore they will notbe as secure as the apparatus and methodology of the previouslydisclosed arrangement. Perhaps this is just the difference between ‘highsecurity’ and ‘air-tight security,’ a distinction carrying little weightwith the bulk of potential applications.

Use in Printing, Paper, Documents, Plastic Coated Identification Cards,and Other Material Where Global Embedded Codes can be Imprinted

The term ‘signal’ is often used narrowly to refer to digital datainformation, audio signals, images, etc. A broader interpretation of‘signal,’ and the one more generally intended, includes any form ofmodulation of any material whatsoever. Thus, the micro-topology of apiece of common paper becomes a ‘signal’ (e.g. it height as a functionof x-y coordinates). The reflective properties of a flat piece ofplastic (as a function of space also) becomes a signal. The point isthat photographic emulsions, audio signals, and digitized informationare not the only types of signals capable of utilizing the principles ofthe present technology.

As a case in point, a machine very much resembling a Braille printingmachine can be designed so as to imprint unique ‘noise-like’indentations as outlined above. These indentations can be applied with apressure which is much smaller than is typically applied in creatingBraille, to the point where the patterns are not noticed by a normaluser of the paper. But by following the steps of the present disclosureand applying them via the mechanism of micro-indentations, a uniqueidentification code can be placed onto any given sheet of paper, be itintended for everyday stationary purposes, or be it for importantdocuments, legal tender, or other secured material.

The reading of the identification material in such an embodimentgenerally proceeds by merely reading the document optically at a varietyof angles. This would become an inexpensive method for deducing themicro-topology of the paper surface. Certainly other forms of readingthe topology of the paper are possible as well.

In the case of plastic encased material such as identification cards,e.g. driver's licenses, a similar Braille-like impressions machine canbe utilized to imprint unique identification codes. Subtle layers ofphotoreactive materials can also be embedded inside the plastic and‘exposed.’

It is clear that wherever a material exists which is capable of beingmodulated by ‘noise-like’ signals, that material is an appropriatecarrier for unique identification codes and utilization of theprinciples of the technology. All that remains is the matter ofeconomically applying the identification information and maintaining thesignal level below an acceptability threshold which each and everyapplication will define for itself.

Real Time Encoder

While the first class of embodiments most commonly employs a standardmicroprocessor or computer to perform the encodation of an image orsignal, it is possible to utilize a custom encodation device which maybe faster than a typical Von Neuman-type processor. Such a system can beutilized with all manner of serial data streams.

Music and videotape recordings are examples of serial data streams—datastreams which are often pirated. It would assist enforcement efforts ifauthorized recordings were encoded with identification data so thatpirated knock-offs could be traced to the original from which they weremade.

Piracy is but one concern driving the need for the present technology.Another is authentication. Often it is important to confirm that a givenset of data is really what it is purported to be (often several yearsafter its generation).

To address these and other needs, the system 200 of FIG. 5 can beemployed. System 200 can be thought of as an identification coding blackbox 202. The system 200 receives an input signal (sometimes termed the“master” or “unencoded” signal) and a code word, and produces (generallyin real time) an identification-coded output signal. (Usually, thesystem provides key data for use in later decoding.)

The contents of the “black box” 202 can take various forms. An exemplaryblack box system is shown in FIG. 6 and includes a look-up table 204, adigital noise source 206, first and second scalers 208, 210, anadder/subtracter 212, a memory 214, and a register 216.

The input signal (which in the illustrated embodiment is an 8-20 bitdata signal provided at a rate of one million samples per second, butwhich in other embodiments could be an analog signal if appropriate A/Dand D/A conversion is provided) is applied from an input 218 to theaddress input 220 of the look-up table 204. For each input sample (i.e.look-up table address), the table provides a corresponding 8-bit digitaloutput word. This output word is used as a scaling factor that isapplied to one input of the first scaler 208.

The first scaler 208 has a second input, to which is applied an 8-bitdigital noise signal from source 206. (In the illustrated embodiment,the noise source 206 comprises an analog noise source 222 and ananalog-to-digital converter 224 although, again, other implementationscan be used.) The noise source in the illustrated embodiment has a zeromean output value, with a full width half maximum (FWHM) of 50-100digital numbers (e.g. from −75 to +75).

The first scaler 208 multiplies the two 8-bit words at its inputs (scalefactor and noise) to produce—for each sample of the system inputsignal—a 16-bit output word. Since the noise signal has a zero meanvalue, the output of the first scaler likewise has a zero mean value.

The output of the first scaler 208 is applied to the input of the secondscaler 210. The second scaler serves a global scaling function,establishing the absolute magnitude of the identification signal thatwill ultimately be embedded into the input data signal. The scalingfactor is set through a scale control device 226 (which may take anumber of forms, from a simple rheostat to a graphically implementedcontrol in a graphical user interface), permitting this factor to bechanged in accordance with the requirements of different applications.The second scaler 210 provides on its output line 228 a scaled noisesignal. Each sample of this scaled noise signal is successively storedin the memory 214.

(In the illustrated embodiment, the output from the first scaler 208 mayrange between −1500 and +1500 (decimal), while the output from thesecond scaler 210 is in the low single digits, (such as between −2 and+2).)

Register 216 stores a multi-bit identification code word. In theillustrated embodiment this code word consists of 8 bits, althoughlarger code words (up to hundreds of bits) are commonly used. These bitsare referenced, one at a time, to control how the input signal ismodulated with the scaled noise signal.

In particular, a pointer 230 is cycled sequentially through the bitpositions of the code word in register 216 to provide a control bit of“0” or “1” to a control input 232 of the adder/subtracter 212. If, for aparticular input signal sample, the control bit is a “1”, the scalednoise signal sample on line 232 is added to the input signal sample. Ifthe control bit is a “0”, the scaled noise signal sample is subtractedfrom the input signal sample. The output 234 from the adder/subtracter212 provides the black box's output signal.

The addition or subtraction of the scaled noise signal in accordancewith the bits of the code word effects a modulation of the input signalthat is generally imperceptible. However, with knowledge of the contentsof the memory 214, a user can later decode the encoding, determining thecode number used in the original encoding process. (Actually, use ofmemory 214 is optional, as explained below.)

It will be recognized that the encoded signal can be distributed in wellknown ways, including converted to printed image form, stored onmagnetic media (floppy diskette, analog or DAT tape, etc.), CD-ROM, etc.etc.

Decoding

A variety of techniques can be used to determine the identification codewith which a suspect signal has been encoded. Two are discussed below.The first is less preferable than the latter for most applications, butis discussed herein so that the reader may have a fuller context withinwhich to understand the technology.

More particularly, the first decoding method is a difference method,relying on subtraction of corresponding samples of the original signalfrom the suspect signal to obtain difference samples, which are thenexamined (typically individually) for deterministic coding indicia (i.e.the stored noise data). This approach may thus be termed a“sample-based, deterministic” decoding technique.

The second decoding method does not make use of the original signal. Nordoes it examine particular samples looking for predetermined noisecharacteristics. Rather, the statistics of the suspect signal (or aportion thereof) are considered in the aggregate and analyzed to discernthe presence of identification coding that permeates the entire signal.The reference to permeation means the entire identification code can bediscerned from a small fragment of the suspect signal. This latterapproach may thus be termed a “holographic, statistical” decodingtechnique.

Both of these methods begin by registering the suspect signal to matchthe original. This entails scaling (e.g. in amplitude, duration, colorbalance, etc.), and sampling (or resampling) to restore the originalsample rate. As in the earlier described embodiment, there are a varietyof well understood techniques by which the operations associated withthis registration function can be performed.

As noted, the first decoding approach proceeds by subtracting theoriginal signal from the registered, suspect signal, leaving adifference signal. The polarity of successive difference signal samplescan then be compared with the polarities of the corresponding storednoise signal samples to determine the identification code. That is, ifthe polarity of the first difference signal sample matches that of thefirst noise signal sample, then the first bit of the identification codeis a “1.” (In such case, the polarity of the 9th, 17th, 25th, etc.samples should also all be positive.) If the polarity of the firstdifference signal sample is opposite that of the corresponding noisesignal sample, then the first bit of the identification code is a “0.”

By conducting the foregoing analysis with eight successive samples ofthe difference signal, the sequence of bits that comprise the originalcode word can be determined. If, as in the preferred embodiment, pointer230 stepped through the code word one bit at a time, beginning with thefirst bit, during encoding, then the first 8 samples of the differencesignal can be analyzed to uniquely determine the value of the 8-bit codeword.

In a noise-free world (speaking here of noise independent of that withwhich the identification coding is effected), the foregoing analysiswould always yield the correct identification code. But a process thatis only applicable in a noise-free world is of limited utility indeed.

(Further, accurate identification of signals in noise-free contexts canbe handled in a variety of other, simpler ways: e.g. checksums;statistically improbable correspondence between suspect and originalsignals; etc.)

While noise-induced aberrations in decoding can be dealt with—to somedegree—by analyzing large portions of the signal, such aberrations stillplace a practical ceiling on the confidence of the process. Further, thevillain that must be confronted is not always as benign as random noise.Rather, it increasingly takes the form of human-caused corruption,distortion, manipulation, etc. In such cases, the desired degree ofidentification confidence can only be achieved by other approaches.

The presently preferred approach (the “holographic, statistical”decoding technique) relies on recombining the suspect signal withcertain noise data (typically the data stored in memory 214), andanalyzing the entropy of the resulting signal. “Entropy” need not beunderstood in its most strict mathematical definition, it being merelythe most concise word to describe randomness (noise, smoothness,snowiness, etc.).

Most serial data signals are not random. That is, one sample usuallycorrelates—to some degree—with the adjacent samples. Noise, in contrast,typically is random. If a random signal (e.g. noise) is added to (orsubtracted from) a non-random signal, the entropy of the resultingsignal generally increases. That is, the resulting signal has morerandom variations than the original signal. This is the case with theencoded output signal produced by the present encoding process; it hasmore entropy than the original, unencoded signal.

If, in contrast, the addition of a random signal to (or subtractionfrom) a non-random signal reduces entropy, then something unusual ishappening. It is this anomaly that the preferred decoding process usesto detect embedded identification coding.

To fully understand this entropy-based decoding method, it is firsthelpful to highlight a characteristic of the original encoding process:the similar treatment of every eighth sample.

In the encoding process discussed above, the pointer 230 incrementsthrough the code word, one bit for each successive sample of the inputsignal. If the code word is eight bits in length, then the pointerreturns to the same bit position in the code word every eighth signalsample. If this bit is a “1”, noise is added to the input signal; ifthis bit is a “0”, noise is subtracted from the input signal. Due to thecyclic progression of the pointer 230, every eighth sample of an encodedsignal thus shares a characteristic: they are all either augmented bythe corresponding noise data (which may be negative), or they are alldiminished, depending on whether the bit of the code word then beingaddressed by pointer 230 is a “1” or a “0”.

To exploit this characteristic, the entropy-based decoding processtreats every eighth sample of the suspect signal in like fashion. Inparticular, the process begins by adding to the 1st, 9th, 17th, 25th,etc. samples of the suspect signal the corresponding scaled noise signalvalues stored in the memory 214 (i.e. those stored in the 1st, 9th,17th, 25th, etc., memory locations, respectively). The entropy of theresulting signal (i.e. the suspect signal with every 8th samplemodified) is then computed.

(Computation of a signal's entropy or randomness is well understood byartisans in this field. One generally accepted technique is to take thederivative of the signal at each sample point, square these values, andthen sum over the entire signal. However, a variety of other well knowntechniques can alternatively be used.)

The foregoing step is then repeated, this time subtracting the storednoise values from the 1st, 9th, 17th, 25 etc. suspect signal samples.

One of these two operations will undo the encoding process and reducethe resulting signal's entropy; the other will aggravate it. If addingthe noise data in memory 214 to the suspect signal reduces its entropy,then this data must earlier have been subtracted from the originalsignal. This indicates that pointer 230 was pointing to a “0” bit whenthese samples were encoded. (A “0” at the control input ofadder/subtracter 212 caused it to subtract the scaled noise from theinput signal.)

Conversely, if subtracting the noise data from every eighth sample ofthe suspect signal reduces its entropy, then the encoding process musthave earlier added this noise. This indicates that pointer 230 waspointing to a “1” bit when samples 1, 9, 17, 25, etc., were encoded.

By noting whether entropy decreases by (a) adding or (b) subtracting thestored noise data to/from the suspect signal, it can be determined thatthe first bit of the code word is (a) a “0”, or (b) a “1”.

The foregoing operations are then conducted for the group of spacedsamples of the suspect signal beginning with the second sample (i.e. 2,10, 18, 26 . . . ). The entropy of the resulting signals indicatewhether the second bit of the code word is a “0” or a “1”. Likewise withthe following 6 groups of spaced samples in the suspect signal, untilall 8 bits of the code word have been discerned.

It will be appreciated that the foregoing approach is not sensitive tocorruption mechanisms that alter the values of individual samples;instead, the process considers the entropy of the signal as a whole,yielding a high degree of confidence in the results. Further, even smallexcerpts of the signal can be analyzed in this manner, permitting piracyof even small details of an original work to be detected. The resultsare thus statistically robust, both in the face of natural and humancorruption of the suspect signal.

It will further be appreciated that the use of an N-bit code word inthis real time embodiment provides benefits analogous to those discussedabove in connection with the batch encoding system. (Indeed, the presentembodiment may be conceptualized as making use of N different noisesignals, just as in the batch encoding system. The first noise signal isa signal having the same extent as the input signal, and comprising thescaled noise signal at the 1st, 9th, 17th, 25th, etc., samples (assumingN=8), with zeroes at the intervening samples. The second noise signal isa similar one comprising the scaled noise signal at the 2nd, 10th, 18th,26th, etc., samples, with zeroes at the intervening samples. Etc. Thesesignals are all combined to provide a composite noise signal.) One ofthe important advantages inherent in such a system is the high degree ofstatistical confidence (confidence which doubles with each successivebit of the identification code) that a match is really a match. Thesystem does not rely on subjective evaluation of a suspect signal for asingle, deterministic embedded code signal.

Illustrative Variations

From the foregoing description, it will be recognized that numerousmodifications can be made to the illustrated systems without changingthe fundamental principles. A few of these variations are describedbelow.

The above-described decoding process tries both adding and subtractingstored noise data to/from the suspect signal in order to find whichoperation reduces entropy. In other embodiments, only one of theseoperations needs to be conducted. For example, in one alternativedecoding process the stored noise data corresponding to every eighthsample of the suspect signal is only added to said samples. If theentropy of the resulting signal is thereby increased, then thecorresponding bit of the code word is a “1” (i.e. this noise was addedearlier, during the encoding process, so adding it again only compoundsthe signal's randomness). If the entropy of the resulting signal isthereby decreased, then the corresponding bit of the code word is a “0”.A further test of entropy if the stored noise samples are subtracted isnot required.

The statistical reliability of the identification process (coding anddecoding) can be designed to exceed virtually any confidence threshold(e.g. 99.9%, 99.99%, 99.999%, etc. confidence) by appropriate selectionof the global scaling factors, etc. Additional confidence in any givenapplication (unnecessary in most applications) can be achieved byrechecking the decoding process.

One way to recheck the decoding process is to remove the stored noisedata from the suspect signal in accordance with the bits of thediscerned code word, yielding a “restored” signal (e.g. if the first bitof the code word is found to be “1,” then the noise samples stored inthe 1st, 9th, 17th, etc. locations of the memory 214 are subtracted fromthe corresponding samples of the suspect signal). The entropy of therestored signal is measured and used as a baseline in furthermeasurements. Next, the process is repeated, this time removing thestored noise data from the suspect signal in accordance with a modifiedcode word. The modified code word is the same as the discerned codeword, except 1 bit is toggled (e.g. the first). The entropy of theresulting signal is determined, and compared with the baseline. If thetoggling of the bit in the discerned code word resulted in increasedentropy, then the accuracy of that bit of the discerned code word isconfirmed. The process repeats, each time with a different bit of thediscerned code word toggled, until all bits of the code word have beenso checked. Each change should result in an increase in entropy comparedto the baseline value.

The data stored in memory 214 is subject to a variety of alternatives.In the foregoing discussion, memory 214 contains the scaled noise data.In other embodiments, the unscaled noise data can be stored instead.

In still other embodiments, it can be desirable to store at least partof the input signal itself in memory 214. For example, the memory canallocate 8 signed bits to the noise sample, and 16 bits to store themost significant bits of an 18- or 20-bit audio signal sample. This hasseveral benefits. One is that it simplifies registration of a “suspect”signal. Another is that, in the case of encoding an input signal whichwas already encoded, the data in memory 214 can be used to discern whichof the encoding processes was performed first. That is, from the inputsignal data in memory 214 (albeit incomplete), it is generally possibleto determine with which of two code words it has been encoded.

Yet another alternative for memory 214 is that is can be omittedaltogether.

One way this can be achieved is to use a deterministic noise source inthe encoding process, such as an algorithmic noise generator seeded witha known key number. The same deterministic noise source, seeded with thesame key number, can be used in the decoding process. In such anarrangement, only the key number needs be stored for later use indecoding, instead of the large data set usually stored in memory 214.

Alternatively, if the noise signal added during encoding does not have azero mean value, and the length N of the code word is known to thedecoder, then a universal decoding process can be implemented. Thisprocess uses the same entropy test as the foregoing procedures, butcycles through possible code words, adding/subtracting a small dummynoise value (e.g. less than the expected mean noise value) to every Nthsample of the suspect signal, in accordance with the bits of the codeword being tested, until a reduction in entropy is noted. Such anapproach is not favored for most applications, however, because itoffers less security than the other embodiments (e.g. it is subject tocracking by brute force).

Many applications are well served by the embodiment illustrated in FIG.7, in which different code words are used to produce several differentlyencoded versions of an input signal, each making use of the same noisedata. More particularly, the embodiment 240 of FIG. 7 includes a noisestore 242 into which noise from source 206 is written during theidentification-coding of the input signal with a first code word. (Thenoise source of FIG. 7 is shown outside of the real time encoder 202 forconvenience of illustration.) Thereafter, additionalidentification-coded versions of the input signal can be produced byreading the stored noise data from the store and using it in conjunctionwith second through Nth code words to encode the signal. (Whilebinary-sequential code words are illustrated in FIG. 7, in otherembodiments arbitrary sequences of code words can be employed.) Withsuch an arrangement, a great number of differently-encoded signals canbe produced, without requiring a proportionally-sized long term noisememory. Instead, a fixed amount of noise data is stored, whetherencoding an original once or a thousand times.

(If desired, several differently-coded output signals can be produced atthe same time, rather than seriatim. One such implementation includes aplurality of adder/subtracter circuits 212, each driven with the sameinput signal and with the same scaled noise signal, but with differentcode words. Each, then, produces a differently encoded output signal.)

In applications having a great number of differently-encoded versions ofthe same original, it will be recognized that the decoding process neednot always discern every bit of the code word. Sometimes, for example,the application may require identifying only a group of codes to whichthe suspect signal belongs. (E.g., high order bits of the code wordmight indicate an organization to which several differently codedversions of the same source material were provided, with low-order bitsidentifying specific copies. To identify the organization with which asuspect signal is associated, it may not be necessary to examine the loworder bits, since the organization can be identified by the high orderbits alone.) If the identification requirements can be met by discerninga subset of the code word bits in the suspect signal, the decodingprocess can be shortened.

Some applications may be best served by restarting the encodingprocess—sometimes with a different code word—several times within anintegral work. Consider, as an example, videotaped productions (e.g.television programming). Each frame of a videotaped production can beidentification-coded with a unique code number, processed in real-timewith an arrangement 248 like that shown in FIG. 8. Each time a verticalretrace is detected by sync detector 250, the noise source 206 resets(e.g. to repeat the sequence just produced) and an identification codeincrements to the next value. Each frame of the videotape is therebyuniquely identification-coded. Typically, the encoded signal is storedon a videotape for long term storage (although other storage media,including laser disks, can be used).

Returning to the encoding apparatus, the look-up table 204 in theillustrated embodiment exploits the fact that high amplitude samples ofthe input data signal can tolerate (without objectionable degradation ofthe output signal) a higher level of encoded identification coding thancan low amplitude input samples. Thus, for example, input data sampleshaving decimal values of 0, 1 or 2 may be correspond (in the look-uptable 204) to scale factors of unity (or even zero), whereas input datasamples having values in excess of 200 may correspond to scale factorsof 15. Generally speaking, the scale factors and the input sample valuescorrespond by a square root relation. That is, a four-fold increase in avalue of the sampled input signal corresponds to approximately atwo-fold increase in a value of the scaling factor associated therewith.

(The parenthetical reference to zero as a scaling factor alludes tocases, e.g., in which the source signal is temporally or spatiallydevoid of information content. In an image, for example, a regioncharacterized by several contiguous sample values of zero may correspondto a jet black region of the frame. A scaling value of zero may beappropriate here since there is essentially no image data to bepirated.)

Continuing with the encoding process, those skilled in the art willrecognized the potential for “rail errors” in the illustratedembodiment. For example, if the input signal consists of 8-bit samples,and the samples span the entire range from 0 to 255 (decimal), then theaddition or subtraction of scaled noise to/from the input signal mayproduce output signals that cannot be represented by 8 bits (e.g. −2, or257). A number of well-understood techniques exist to rectify thissituation, some of them proactive and some of them reactive. (Amongthese known techniques are: specifying that the input signal shall nothave samples in the range of 0-4 or 251-255, thereby safely permittingmodulation by the noise signal; or including provision for detecting andadaptively modifying input signal samples that would otherwise causerail errors.)

While the illustrated embodiment describes stepping through the codeword sequentially, one bit at a time, to control modulation ofsuccessive bits of the input signal, it will be appreciated that thebits of the code word can be used other than sequentially for thispurpose. Indeed, bits of the code word can be selected in accordancewith any predetermined algorithm.

The dynamic scaling of the noise signal based on the instantaneous valueof the input signal is an optimization that can be omitted in manyembodiments. That is, the look-up table 204 and the first scaler 208 canbe omitted entirely, and the signal from the digital noise source 206applied directly (or through the second, global scaler 210) to theadder/subtracter 212.

It will be further recognized that the use of a zero-mean noise sourcesimplifies the illustrated embodiment, but is not necessary to thetechnology. A noise signal with another mean value can readily be used,and D.C. compensation (if needed) can be effected elsewhere in thesystem.

The use of a noise source 206 is also optional. A variety of othersignal sources can be used, depending on application-dependentconstraints (e.g. the threshold at which the encoded identificationsignal becomes perceptible). In many instances, the level of theembedded identification signal is low enough that the identificationsignal needn't have a random aspect; it is imperceptible regardless ofits nature. A pseudo random source 206, however, is usually desiredbecause it provides the greatest identification code signal S/N ratio (asomewhat awkward term in this instance) for a level of imperceptibilityof the embedded identification signal.

It will be recognized that identification coding need not occur after asignal has been reduced to stored form as data (i.e. “fixed in tangibleform,” in the words of the U.S. Copyright Act). Consider, for example,the case of popular musicians whose performances are often recordedillicitly. By identification coding the audio before it drives concerthall speakers, unauthorized recordings of the concert can be traced to aparticular place and time. Likewise, live audio sources such as 911emergency calls can be encoded prior to recording so as to facilitatetheir later authentication.

While the black box embodiment has been described as a stand alone unit,it will be recognized that it can be integrated into a number ofdifferent tools/instruments as a component. One is a scanner, which canembed identification codes in the scanned output data. (The codes cansimply serve to memorialize that the data was generated by a particularscanner). Another is in creativity software, such as populardrawing/graphics/animation/paint programs offered by Adobe, Macromedia,Corel, and the like.

Finally, while the real-time encoder 202 has been illustrated withreference to a particular hardware implementation, it will be recognizedthat a variety of other implementations can alternatively be employed.Some utilize other hardware configurations. Others make use of softwareroutines for some or all of the illustrated functional blocks. (Thesoftware routines can be executed on any number of different generalpurpose programmable computers, such as 80×86 PC-compatible computers,RISC-based workstations, etc.)

Types of Noise, Quasi-Noise, and Optimized-Noise

Heretofore this disclosure postulated Gaussian noise, “white noise,” andnoise generated directly from application instrumentation as a few ofthe many examples of the kind of carrier signal appropriate to carry asingle bit of information throughout an image or signal. It is possibleto be even more proactive in “designing” characteristics of noise inorder to achieve certain goals. The “design” of using Gaussian orinstrumental noise was aimed somewhat toward “absolute” security. Thissection of the disclosure takes a look at other considerations for thedesign of the noise signals which may be considered the ultimatecarriers of the identification information.

For some applications it might be advantageous to design the noisecarrier signal (e.g. the Nth embedded code signal in the firstembodiment; the scaled noise data in the second embodiment), so as toprovide more absolute signal strength to the identification signalrelative to the perceptibility of that signal. One example is thefollowing. It is recognized that a true Gaussian noise signal has thevalue ‘0’ occur most frequently, followed by 1 and −1 at equalprobabilities to each other but lower than ‘0’, 2 and −2 next, and soon. Clearly, the value zero carries no information as it is used in theservice of this technology. Thus, one simple adjustment, or design,would be that any time a zero occurs in the generation of the embeddedcode signal, a new process takes over, whereby the value is converted“randomly” to either a 1 or a −1. In logical terms, a decision would bemade: if ‘0’, then random (1,−1). The histogram of such a process wouldappear as a Gaussian/Poissonian type distribution, except that the 0 binwould be empty and the 1 and −1 bin would be increased by half the usualhistogram value of the 0 bin.

In this case, identification signal energy would always be applied atall parts of the signal. A few of the trade-offs include: there is a(probably negligible) lowering of security of the codes in that a“deterministic component” is a part of generating the noise signal. Thereason this might be completely negligible is that we still wind up witha coin flip type situation on randomly choosing the 1 or the −1. Anothertrade-off is that this type of designed noise will have a higherthreshold of perceptibility, and will only be applicable to applicationswhere the least significant bit of a data stream or image is alreadynegligible relative to the commercial value of the material, i.e. if theleast significant bit were stripped from the signal (for all signalsamples), no one would know the difference and the value of the materialwould not suffer. This blocking of the zero value in the example aboveis but one of many ways to “optimize” the noise properties of the signalcarrier, as anyone in the art can realize. We refer to this also as“quasi-noise” in the sense that natural noise can be transformed in apre-determined way into signals which for all intents and purposes willread as noise. Also, cryptographic methods and algorithms can easily,and often by definition, create signals which are perceived ascompletely random. Thus the word “noise” can have differentconnotations, primarily between that as defined subjectively by anobserver or listener, and that defined mathematically. The difference ofthe latter is that mathematical noise has different properties ofsecurity and the simplicity with which it can either be “sleuthed” orthe simplicity with which instruments can “automatically recognize” theexistence of this noise.

“Universal” Embedded Codes

The bulk of this disclosure teaches that for absolute security, thenoise-like embedded code signals which carry the bits of information ofthe identification signal should be unique to each and every encodedsignal, or, slightly less restrictive, that embedded code signals shouldbe generated sparingly, such as using the same embedded codes for abatch of 1000 pieces of film, for example. Be this as it may, there is awhole other approach to this issue wherein the use of what we will call“universal” embedded code signals can open up large new applications forthis technology. The economics of these uses would be such that the defacto lowered security of these universal codes (e.g. they would beanalyzable by time honored cryptographic decoding methods, and thuspotentially thwarted or reversed) would be economically negligiblerelative to the economic gains that the intended uses would provide.Piracy and illegitimate uses would become merely a predictable “cost”and a source of uncollected revenue only; a simple line item in aneconomic analysis of the whole. A good analogy of this is in the cableindustry and the scrambling of video signals. Everybody seems to knowthat crafty, skilled technical individuals, who may be generally lawabiding citizens, can climb a ladder and flip a few wires in their cablejunction box in order to get all the pay channels for free. The cableindustry knows this and takes active measures to stop it and prosecutethose caught, but the “lost revenue” derived from this practice remainsprevalent but almost negligible as a percentage of profits gained fromthe scrambling system as a whole. The scrambling system as a whole is aneconomic success despite its lack of “absolute security.”

The same holds true for applications of this technology wherein, for theprice of lowering security by some amount, large economic opportunitypresents itself. This section first describes what is meant by universalcodes, then moves on to some of the interesting uses to which thesecodes can be applied.

Universal embedded codes generally refer to the idea that knowledge ofthe exact codes can be distributed. The embedded codes won't be put intoa dark safe never to be touched until litigation arises (as alluded toin other parts of this disclosure), but instead will be distributed tovarious locations where on-the-spot analysis can take place. Generallythis distribution will still take place within a security controlledenvironment, meaning that steps will be taken to limit the knowledge ofthe codes to those with a need to know. Instrumentation which attemptsto automatically detect copyrighted material is a non-human example of“something” with a need to know the codes.

There are many ways to implement the idea of universal codes, each withtheir own merits regarding any given application. For the purposes ofteaching this art, we separate these approaches into three broadcategories: universal codes based on libraries, universal codes based ondeterministic formula, and universal codes based on pre-defined industrystandard patterns. A rough rule of thumb is that the first is moresecure than the latter two, but that the latter two are possibly moreeconomical to implement than the first.

Universal Codes: 1) Libraries of Universal Codes

The use of libraries of universal codes simply means that the techniquesof this technology are employed as described, except for the fact thatonly a limited set of the individual embedded code signals are generatedand that any given encoded material will make use of some sub-set ofthis limited “universal set.” An example is in order here. Aphotographic print paper manufacturer may wish to pre-expose every pieceof 8 by 10 inch print paper which they sell with a unique identificationcode. They also wish to sell identification code recognition software totheir large customers, service bureaus, stock agencies, and individualphotographers, so that all these people can not only verify that theirown material is correctly marked, but so that they can also determine ifthird party material which they are about to acquire has been identifiedby this technology as being copyrighted. This latter information willhelp them verify copyright holders and avoid litigation, among manyother benefits. In order to “economically” institute this plan, theyrealize that generating unique individual embedded codes for each andevery piece of print paper would generate Terabytes of independentinformation, which would need storing and to which recognition softwarewould need access. Instead, they decide to embed their print paper with16 bit identification codes derived from a set of only 50 independent“universal” embedded code signals. The details of how this is done arein the next paragraph, but the point is that now their recognitionsoftware only needs to contain a limited set of embedded codes in theirlibrary of codes, typically on the order of 1 Megabyte to 10 Megabytesof information for 50.times.16 individual embedded codes splayed outonto an 8.times.10 photographic print (allowing for digitalcompression). The reason for picking 50 instead of just 16 is one of alittle more added security, where if it were the same 16 embedded codesfor all photographic sheets, not only would the serial number capabilitybe limited to 2 to the 16th power, but lesser and lesser sophisticatedpirates could crack the codes and remove them using software tools.

There are many different ways to implement this scheme, where thefollowing is but one exemplary method. It is determined by the wisdom ofcompany management that a 300 pixels per inch criteria for the embeddedcode signals is sufficient resolution for most applications. This meansthat a composite embedded code image will contain 3000 pixels by 2400pixels to be exposed at a very low level onto each 8×10 sheet. Thisgives 7.2 million pixels. Using our staggered coding system such asdescribed in the black box implementation of FIGS. 5 and 6, eachindividual embedded code signal will contain only 7.2 million divided by16, or approximately 450K true information carrying pixels, i.e. every16th pixel along a given raster line. These values will typically be inthe range of 2 to −2 in digital numbers, or adequately described by asigned 3 bit number. The raw information content of an embedded code isthen approximately ⅜th's bytes times 450K or about 170 Kilobytes.Digital compression can reduce this further. All of these decisions aresubject to standard engineering optimization principles as defined byany given application at hand, as is well known in the art. Thus we findthat 50 of these independent embedded codes will amount to a fewMegabytes. This is quite reasonable level to distribute as a “library”of universal codes within the recognition software. Advanced standardencryption devices could be employed to mask the exact nature of thesecodes if one were concerned that would-be pirates would buy therecognition software merely to reverse engineer the universal embeddedcodes. The recognition software could simply unencrypt the codes priorto applying the recognition techniques taught in this disclosure.

The recognition software itself would certainly have a variety offeatures, but the core task it would perform is determining if there issome universal copyright code within a given image. The key questionsbecome WHICH 16 of the total 50 universal codes it might contain, ifany, and if there are 16 found, what are their bit values. The keyvariables in determining the answers to these questions are:registration, rotation, magnification (scale), and extent. In the mostgeneral case with no helpful hints whatsoever, all variables must beindependently varied across all mutual combinations, and each of the 50universal codes must then be checked by adding and subtracting to see ifan entropy decrease occurs. Strictly speaking, this is an enormous job,but many helpful hints will be found which make the job much simpler,such as having an original image to compare to the suspected copy, orknowing the general orientation and extent of the image relative to an8×10 print paper, which then through simple registration techniques candetermine all of the variables to some acceptable degree. Then it merelyrequires cycling through the 50 universal codes to find any decrease inentropy. If one does, then 15 others should as well. A protocol needs tobe set up whereby a given order of the 50 translates into a sequence ofmost significant bit through least significant bit of the ID code word.Thus if we find that universal code number “4” is present, and we findits bit value to be “0”, and that universal codes “1” through “3” aredefinitely not present, then our most significant bit of our N-bit IDcode number is a “0”. Likewise, we find that the next lowest universalcode present is number “7” and it turns out to be a “1”, then our nextmost significant bit is a “1”. Done properly, this system can cleanlytrace back to the copyright owner so long as they registered theirphotographic paper stock serial number with some registry or with themanufacturer of the paper itself That is, we look up in the registrythat a paper using universal embedded codes 4, 7, 11, 12, 15, 19, 21,26, 27, 28, 34, 35, 37, 38, 40, and 48, and having the embedded code0110 0101 0111 0100 belongs to Leonardo de Boticelli, an unknownwildlife photographer and glacier cinematographer whose address is inNorthern Canada. We know this because he dutifully registered his filmand paper stock, a few minutes of work when he bought the stock, whichhe plopped into the “no postage necessary” envelope that themanufacturing company kindly provided to make the process ridiculouslysimple. Somebody owes Leonardo a royalty check it would appear, andcertainly the registry has automated this royalty payment process aspart of its services.

One final point is that truly sophisticated pirates and others withillicit intentions can indeed employ a variety of cryptographic and notso cryptographic methods to crack these universal codes, sell them, andmake software and hardware tools which can assist in the removing ordistorting of codes. We shall not teach these methods as part of thisdisclosure, however. In any event, this is one of the prices which mustbe paid for the ease of universal codes and the applications they openup.

Universal Codes: 2) Universal Codes Based on Deterministic Formulas

The libraries of universal codes require the storage and transmittal ofMegabytes of independent, generally random data as the keys with whichto unlock the existence and identity of signals and imagery that havebeen marked with universal codes. Alternatively, various deterministicformulas can be used which “generate” what appear to be randomdata/image frames, thereby obviating the need to store all of thesecodes in memory and interrogate each and of the “50” universal codes.Deterministic formulas can also assist in speeding up the process ofdetermining the ID code once one is known to exist in a given signal orimage. On the other hand, deterministic formulas lend themselves tosleuthing by less sophisticated pirates. And once sleuthed, they lendthemselves to easier communication, such as posting on the Internet to ahundred newsgroups. There may well be many applications which do notcare about sleuthing and publishing, and deterministic formulas forgenerating the individual universal embedded codes might be just theticket.

Universal Codes: 3) “Simple” Universal Codes

This category is a bit of a hybrid of the first two, and is mostdirected at truly large scale implementations of the principles of thistechnology. The applications employing this class are of the type wherestaunch security is much less important than low cost, large scaleimplementation and the vastly larger economic benefits that thisenables. One exemplary application is placement of identificationrecognition units directly within modestly priced home audio and videoinstrumentation (such as a TV). Such recognition units would typicallymonitor audio and/or video looking for these copyright identificationcodes, and thence triggering simple decisions based on the findings,such as disabling or enabling recording capabilities, or incrementingprogram specific billing meters which are transmitted back to a centralaudio/video service provider and placed onto monthly invoices. Likewise,it can be foreseen that “black boxes” in bars and other public placescan monitor (listen with a microphone) for copyrighted materials andgenerate detailed reports, for use by ASCAP, BMI, and the like.

A core principle of simple universal codes is that some basic industrystandard “noiselike” and seamlessly repetitive patterns are injectedinto signals, images, and image sequences so that inexpensiverecognition units can either A) determine the mere existence of acopyright “flag”, and B) additionally to A, determine preciseidentification information which can facilitate more complex decisionmaking and actions.

In order to implement this particular embodiment of the presenttechnology, the basic principles of generating the individual embeddednoise signals need to be simplified in order to accommodate inexpensiverecognition signal processing circuitry, while maintaining theproperties of effective randomness and holographic permeation. Withlarge scale industry adoption of these simple codes, the codesthemselves would border on public domain information (much as cablescrambling boxes are almost de facto public domain), leaving the dooropen for determined pirates to develop black market countermeasures, butthis situation would be quite analogous to the scrambling of cable videoand the objective economic analysis of such illegal activity.

One prior art known to the applicant in this general area of pro-activecopyright detection is the Serial Copy Management System adopted by manyfirms in the audio industry. To the best of applicant's knowledge, thissystem employs a non-audio “flag” signal which is not part of the audiodata stream, but which is nevertheless grafted onto the audio stream andcan indicate whether the associated audio data should or should not beduplicated. One problem with this system is that it is restricted tomedia and instrumentation which can support this extra “flag” signal.Another deficiency is that the flagging system carries no identityinformation which would be useful in making more complex decisions. Yetanother difficulty is that high quality audio sampling of an analogsignal can come arbitrarily close to making a perfect digital copy ofsome digital master and there seems to be no provision for inhibitingthis possibility.

The principles of this technology can be brought to bear on these andother problems, in audio applications, video, and all of the otherapplications previously discussed. An exemplary application of simpleuniversal codes is the following. A single industry standard “1.000000second of noise” would be defined as the most basic indicator of thepresence or absence of the copyright marking of any given audio signal.FIG. 9 has an example of what the waveform of an industry standard noisesecond might look like, both in the time domain 400 and the frequencydomain 402. It is by definition a continuous function and would adapt toany combination of sampling rates and bit quanitizations. It has anormalized amplitude and can be scaled arbitrarily to any digital signalamplitude. The signal level and the first M'th derivatives of the signalare continuous at the two boundaries 404 (FIG. 9C), such that when it isrepeated, the “break” in the signal would not be visible (as a waveform)or audible when played through a high end audio system. The choice of 1second is arbitrary in this example, where the precise length of theinterval will be derived from considerations such as audibility,quasi-white noise status, seamless repeatability, simplicity ofrecognition processing, and speed with which a copyright markingdetermination can be made. The injection of this repeated noise signalonto a signal or image (again, at levels below human perception) wouldindicate the presence of copyright material. This is essentially a onebit identification code, and the embedding of further identificationinformation will be discussed later on in this section. The use of thisidentification technique can extend far beyond the low cost homeimplementations discussed here, where studios could use the technique,and monitoring stations could be set up which literally monitor hundredsof channels of information simultaneously, searching for marked datastreams, and furthermore searching for the associated identity codeswhich could be tied in with billing networks and royalty trackingsystems.

This basic, standardized noise signature is seamlessly repeated over andover again and added to audio signals which are to be marked with thebase copyright identification. Part of the reason for the word “simple”is seen here: clearly pirates will know about this industry standardsignal, but their illicit uses derived from this knowledge, such aserasure or corruption, will be economically minuscule relative to theeconomic value of the overall technique to the mass market. For mosthigh end audio this signal will be some 80 to 100 dB down from fullscale, or even much further; each situation can choose its own levelsthough certainly there will be recommendations. The amplitude of thesignal can be modulated according to the audio signal levels to whichthe noise signature is being applied, i.e. the amplitude can increasesignificantly when a drum beats, but not so dramatically as to becomeaudible or objectionable. These measures merely assist the recognitioncircuitry to be described.

Recognition of the presence of this noise signature by low costinstrumentation can be effected in a variety of ways. One rests on basicmodifications to the simple principles of audio signal power metering.Software recognition programs can also be written, and moresophisticated mathematical detection algorithms can be applied to audioin order to make higher confidence detection identifications. In suchembodiments, detection of the copyright noise signature involvescomparing the time averaged power level of an audio signal with the timeaveraged power level of that same audio signal which has had the noisesignature subtracted from it. If the audio signal with the noisesignature subtracted has a lower power level that the unchanged audiosignal, then the copyright signature is present and some status flag tothat effect needs to be set. The main engineering subtleties involved inmaking this comparison include: dealing with audio speed playbackdiscrepancies (e.g. an instrument might be 0.5% “slow” relative toexactly one second intervals); and, dealing with the unknown phase ofthe one second noise signature within any given audio (basically, its“phase” can be anywhere from 0 to 1 seconds). Another subtlety, not socentral as the above two but which nonetheless should be addressed, isthat the recognition circuits should not subtract a higher amplitude ofthe noise signature than was originally embedded onto the audio signal.Fortunately this can be accomplished by merely subtracting only a smallamplitude of the noise signal, and if the power level goes down, this isan indication of “heading toward a trough” in the power levels. Yetanother related subtlety is that the power level changes will be verysmall relative to the overall power levels, and calculations generallywill need to be done with appropriate bit precision, e.g. 32 bit valueoperations and accumulations on 16-20 bit audio in the calculations oftime averaged power levels.

Clearly, designing and packaging this power level comparison processingcircuitry for low cost applications is an engineering optimization task.One trade-off will be the accuracy of making an identification relativeto the “short-cuts” which can be made to the circuitry in order to lowerits cost and complexity. A preferred embodiment for the placement ofthis recognition circuitry inside of instrumentation is through a singleprogrammable integrated circuit which is custom made for the task. FIG.10 shows one such integrated circuit 506. Here the audio signal comesin, 500, either as a digital signal or as an analog signal to bedigitized inside the IC 500, and the output is a flag 502 which is setto one level if the copyright noise signature is found, and to anotherlevel if it is not found. Also depicted is the fact that thestandardized noise signature waveform is stored in Read Only Memory,504, inside the IC 506. There will be a slight time delay between theapplication of an audio signal to the IC 506 and the output of a validflag 502, due to the need to monitor some finite portion of the audiobefore a recognition can place. In this case, there may need to be a“flag valid” output 508 where the IC informs the external world if ithas had enough time to make a proper determination of the presence orabsence of the copyright noise signature.

There are a wide variety of specific designs and philosophies of designsapplied to accomplishing the basic function of the IC 506 of FIG. 10.Audio engineers and digital signal processing engineers are able togenerate several fundamentally different designs. One such design isdepicted in FIG. 11 by a process 599, which itself is subject to furtherengineering optimization as will be discussed. FIG. 11 depicts a flowchart for any of: an analog signal processing network, a digital signalprocessing network, or programming steps in a software program. We findan input signal 600 which along one path is applied to a time averagedpower meter 602, and the resulting power output itself treated as asignal P_(sig). To the upper right we find the standard noise signature504 which will be read out at 125% of normal speed, 604, thus changingits pitch, giving the “pitch changed noise signal” 606. Then the inputsignal has this pitch changed noise signal subtracted in step 608, andthis new signal is applied to the same form of time averaged power meteras in 602, here labelled 610. The output of this operation is also atime based signal here labelled as P_(s-pen), 610. Step 612 thensubtracts the power signal 602 from the power signal 610, giving anoutput difference signal P_(out), 613. If the universal standard noisesignature does indeed exist on the input audio signal 600, then case 2,616, will be created wherein a beat signal 618 of approximately 4 secondperiod will show up on the output signal 613, and it remains to detectthis beat signal with a step such as in FIG. 12, 622. Case 1, 614, is asteady noisy signal which exhibits no periodic beating. 125% at step 604is chosen arbitrarily here, where engineering considerations woulddetermine an optimal value, leading to different beat signal frequencies618. Whereas waiting 4 seconds in this example would be quite a while,especially is you would want to detect at least two or three beats, FIG.12 outlines how the basic design of FIG. 11 could be repeated andoperated upon various delayed versions of the input signal, delayed bysomething like 1/20th of a second, with 20 parallel circuits working inconcert each on a segment of the audio delayed by 0.05 seconds fromtheir neighbors. In this way, a beat signal will show up approximatelyevery ⅕th of a second and will look like a travelling wave down thecolumns of beat detection circuits. The existence or absence of thistravelling beat wave triggers the detection flag 502. Meanwhile, therewould be an audio signal monitor 624 which would ensure that, forexample, at least two seconds of audio has been heard before setting theflag valid signal 508.

Though the audio example was described above, it should be clear toanyone in the art that the same type of definition of some repetitiveuniversal noise signal or image could be applied to the many othersignals, images, pictures, and physical media already discussed.

The above case deals only with a single bit plane of information, i.e.,the noise signature signal is either there (1) or it isn't (0). For manyapplications, it would be nice to detect serial number information aswell, which could then be used for more complex decisions, or forlogging information on billing statements or whatnot. The sameprinciples as the above would apply, but now there would be Nindependent noise signatures as depicted in FIG. 9 instead one singlesuch signature. Typically, one such signature would be the master uponwhich the mere existence of a copyright marking is detected, and thiswould have generally higher power than the others, and then the otherlower power “identification” noise signatures would be embedded intoaudio. Recognition circuits, once having found the existence of theprimary noise signature, would then step through the other N noisesignatures applying the same steps as described above. Where a beatsignal is detected, this indicates the bit value of ‘1’, and where nobeat signal is detected, this indicates a bit value of ‘0’. It might betypical that N will equal 32, that way 232 number of identificationcodes are available to any given industry employing this technology.

Use of this Technology when the Length of the Identification Code is 1

The principles of this technology can obviously be applied in the casewhere only a single presence or absence of an identification signal—afingerprint if you will—is used to provide confidence that some signalor image is copyrighted. The example above of the industry standardnoise signature is one case in point. We no longer have the addedconfidence of the coin flip analogy, we no longer have tracking codecapabilities or basic serial number capabilities, but many applicationsmay not require these attributes and the added simplicity of a singlefingerprint might outweigh these other attributes in any event.

The “Wallpaper” Analogy

The term “holographic” has been used in this disclosure to describe howan identification code number is distributed in a largely integral formthroughout an encoded signal or image. This also refers to the idea thatany given fragment of the signal or image contains the entire uniqueidentification code number. As with physical implementations ofholography, there are limitations on how small a fragment can becomebefore one begins to lose this property, where the resolution limits ofthe holographic media are the main factor in this regard for holographyitself. In the case of an uncorrupted distribution signal which has usedthe encoding device of FIG. 5, and which furthermore has used our“designed noise” of above wherein the zero's were randomly changed to a1 or −1, then the extent of the fragment required is merely N contiguoussamples in a signal or image raster line, where N is as definedpreviously being the length of our identification code number. This isan informational extreme; practical situations where noise andcorruption are operative will require generally one, two or higherorders of magnitude more samples than this simple number N. Thoseskilled in the art will recognize that there are many variables involvedin pinning down precise statistics on the size of the smallest fragmentwith which an identification can be made.

For tutorial purposes, the applicant also uses the analogy that theunique identification code number is “wallpapered” across and image (orsignal). That is, it is repeated over and over again all throughout animage. This repetition of the ID code number can be regular, as in theuse of the encoder of FIG. 5, or random itself, where the bits in the IDcode 216 of FIG. 6 are not stepped through in a normal repetitivefashion but rather are randomly selected on each sample, and the randomselection stored along with the value of the output 228 itself in anyevent, the information carrier of the ID code, the individual embeddedcode signal, does change across the image or signal. Thus as thewallpaper analogy summarizes: the ID code repeats itself over and over,but the patterns that each repetition imprints change randomlyaccordingly to a generally unsleuthable key.

Lossy Data Compression

As earlier mentioned, the identification coding of the preferredembodiment withstands lossy data compression, and subsequentdecompression. Such compression is finding increasing use, particularlyin contexts such as the mass distribution of digitized entertainmentprogramming (movies, etc.).

While data encoded according to the preferred embodiment of the presenttechnology can withstand all types of lossy compression known toapplicant, those expected to be most commercially important are theCCITT G3, CCITT G4, JPEG, MPEG and JBIG compression/decompressionstandards. The CCITT standards are widely used in black-and-whitedocument compression (e.g. facsimile and document-storage). JPEG is mostwidely used with still images. MPEG is most widely used with movingimages. JBIG is a likely successor to the CCITT standards for use withblack-and-white imagery. Such techniques are well known to those in thelossy data compression field; a good overview can be found in Pennebakeret al, JPEG, Still Image Data Compression Standard, Van NostrandReinhold, N.Y., 1993.

Towards Steganography Proper and the Use of this Technology in PassingMore Complex Messages or Information

This disclosure concentrates on what above was called wallpapering asingle identification code across an entire signal. This appears to be adesirable feature for many applications. However, there are otherapplications where it might be desirable to pass messages or to embedvery long strings of pertinent identification information in signals andimages. One of many such possible applications would be where a givensignal or image is meant to be manipulated by several different groups,and that certain regions of an image are reserved for each group'sidentification and insertion of pertinent manipulation information.

In these cases, the code word 216 in FIG. 6 can actually change in somepre-defined manner as a function of signal or image position. Forexample, in an image, the code could change for each and every rasterline of the digital image. It might be a 16 bit code word, 216, but eachscan line would have a new code word, and thus a 480 scan line imagecould pass a 980 (480×2 bytes) byte message. A receiver of the messagewould need to have access to either the noise signal stored in memory214, or would have to know the universal code structure of the noisecodes if that method of coding was being used. To the best ofapplicant's knowledge, this is a novel approach to the mature field ofsteganography.

In all three of the foregoing applications of universal codes, it willoften be desirable to append a short (perhaps 8- or 16-bit) privatecode, which users would keep in their own secured places, in addition tothe universal code. This affords the user a further modicum of securityagainst potential erasure of the universal codes by sophisticatedpirates.

One Master Code Signal as a Distinction from N Independent Embedded CodeSignals

In certain sections of this disclosure, perhaps exemplified in thesection on the realtime encoder, an economizing step was taken wherebythe N independent and source-signal-coextensive embedded code signalswere so designed that the non-zero elements of any given embedded codesignal were unique to just that embedded code signal and no others. Saidmore carefully, certain pixels/sample points of a given signal were“assigned” to some pre-determined m'th bit location in our N-bitidentification word. Furthermore, and as another basic optimization ofimplementation, the aggregate of these assigned pixels/samples acrossall N embedded code signals is precisely the extent of the sourcesignal, meaning each and every pixel/sample location in a source signalis assigned one and only one m'th bit place in our N-bit identificationword. (This is not to say, however, that each and every pixel MUST bemodified). As a matter of simplification we can then talk about a singlemaster code signal (or “Snowy Image”) rather than N independent signals,realizing that pre-defined locations in this master signal correspond tounique bit locations in our N-bit identification word. We thereforeconstruct, via this circuitous route, this rather simple concept on thesingle master noise signal. Beyond mere economization andsimplification, there are also performance reasons for this shift,primarily derived from the idea that individual bit places in our N-bitidentification word are no longer “competing” for the informationcarrying capacity of a single pixel/sample.

With this single master more clearly understood, we can gain newinsights into other sections of this disclosure and explore furtherdetails within the given application areas.

More of Deterministic Universal Codes Using the Master Code Concept

One case in point is to further explore the use of DeterministicUniversal Codes, labelled as item “2” in the sections devoted touniversal codes. A given user of this technology may opt for thefollowing variant use of the principles of this technology. The user inquestion might be a mass distributor of home videos, but clearly theprinciples would extend to all other potential users of this technology.FIG. 13 pictorially represents the steps involved. In the example theuser is one “Alien Productions.” They first create an image canvas whichis coextensive to the size of the video frames of their movie “Bud'sAdventures.” On this canvas they print the name of the movie, they placetheir logo and company name. Furthermore, they have specific informationat the bottom, such as the distribution lot for the mass copying thatthey are currently cranking out, and as indicated, they actually have aunique frame number indicated. Thus we find the example of a standardimage 700 which forms the initial basis for the creation of a masterSnowy Image (master code signal) which will be added into the originalmovie frame, creating an output distributable frame. This image 700 canbe either black & white or color. The process of turning this image 700into a pseudo random master code signal is alluded to by theencryption/scrambling routine 702, wherein the original image 700 ispassed through any of dozens of well known scrambling methods. Thedepiction of the number “28” alludes to the idea that there can actuallybe a library of scrambling methods, and the particular method used forthis particular movie, or even for this particular frame, can change.The result is our classic master code signal or Snowy Image. In general,its brightness values are large and it would look very much like thesnowy image on a television set tuned to a blank channel, but clearly ithas been derived from an informative image 700, transformed through ascrambling 702. (Note: the splotchiness of the example picture isactually a rather poor depiction; it was a function of the crude toolsavailable to the inventor).

This Master Snowy Image 704 is then the signal which is modulated by ourN-bit identification word as outlined in other sections of thedisclosure, the resulting modulated signal is then scaled down inbrightness to the acceptable perceived noise level, and then added tothe original frame to produce the distributable frame.

There are a variety of advantages and features that the method depictedin FIG. 13 affords. There are also variations of theme within thisoverall variation. Clearly, one advantage is that users can now use moreintuitive and personalized methods for stamping and signing their work.Provided that the encryption/scrambling routines, 702, are indeed of ahigh security and not published or leaked, then even if a would-bepirate has knowledge of the logo image 700, they should not be able touse this knowledge to be able to sleuth the Master Snowy Image 704, andthus they should not be able to crack the system, as it were. On theother hand, simple encryption routines 702 may open the door forcracking the system. Another clear advantage of the method of FIG. 13 isthe ability to place further information into the overall protectiveprocess. Strictly speaking, the information contained in the logo image700 is not directly carried in the final distributable frame. Saidanother way, and provided that the encryption/scrambling routine 702 hasa straightforward and known decryption/descrambling method whichtolerates bit truncation errors, it is generally impossible to fullyre-create the image 700 based upon having the distributable frame, theN-bit identification code word, the brightness scaling factor used, andthe number of the decryption routine to be used. The reason that anexact recreation of the image 700 is impossible is due to the scalingoperation itself and the concomitant bit truncation. For the presentdiscussion, this whole issue is somewhat academic, however.

A variation on the theme of FIG. 13 is to actually place the N-bitidentification code word directly into the logo image 700. In some sensethis would be self-referential. Thus when we pull out our stored logoimage 700 it already contains visually what our identification word is,then we apply encryption routine #28 to this image, scale it down, thenuse this version to decode a suspect image using the techniques of thisdisclosure. The N bit word thus found should match the one contained inour logo image 700.

One desirable feature of the encryption/scrambling routine 702 might be(but is certainly not required to be) that even given a small change inthe input image 700, such as a single digit change of the frame number,there would be a huge visual change in the output scrambled master snowyimage 704. Likewise, the actual scrambling routine may change as afunction of frame numbers, or certain “seed” numbers typically usedwithin pseudo-randomizing functions could change as a function of framenumber. All manner of variations are thus possible, all helping tomaintain high levels of security. Eventually, engineering optimizationconsiderations will begin to investigate the relationship between someof these randomizing methods, and how they all relate to maintainingacceptable signal strength levels through the process of transforming anuncompressed video stream into a compressed video stream such as withthe MPEG compression methodologies.

Another desired feature of the encryption process 702 is that it shouldbe informationally efficient, i.e., that given any random input, itshould be able to output an essentially spatially uniform noisy imagewith little to no residual spatial patterns beyond pure randomness. Anyresidual correlated patterns will contribute to inefficiency of encodingthe N-bit identification word, as well as opening up further tools towould-be pirates to break the system.

Another feature of the method of FIG. 13 is that there is moreintuitional appeal to using recognizable symbols as part of a decodingsystem, which should then translate favorably in the essentially layenvironment of a courtroom. It strengthens the simplicity of the coinflip vernacular mentioned elsewhere. Jury members or judges will betterrelate to an owner's logo as being a piece of the key of recognizing asuspect copy as being a knock-off.

It should also be mentioned that, strictly speaking, the logo image 700does not need to be randomized. The steps of the technology couldequally apply straight to the logo image 700 directly. It is notentirely clear to the inventor what practical goal this might have. Atrivial extension of this concept to the case where N=1 is where, simplyand easily, the logo image 700 is merely added to an original image at avery low brightness level. The inventor does not presume this trivialcase to be at all a novelty. In many ways this is similar to the age oldissue of subliminal advertising, where the low light level patternsadded to an image are recognizable to the human eye/brain systemand—supposedly—operating on the human brain at an unconscious level. Bypointing out these trivial extensions of the current technology,hopefully there can arise further clarity which distinguishes the novelprinciples of this technology in relation to such well known prior arttechniques.

5-Bit Abridged Alphanumeric Code Sets and Others

It is desirable in some applications for the N-bit identification wordto actually signify names, companies, strange words, messages, and thelike. Most of this disclosure focuses on using the N-bit identificationword merely for high statistical security, indexed tracking codes, andother index based message carrying. The information carrying capacity of“invisible signatures” inside imagery and audio is somewhat limited,however, and thus it would be wise to use our N bits efficiently if weactually want to “spell out” alphanumeric items in the N-bitidentification word.

One way to do this is to define, or to use an already existing, reducedbit (e.g. less than 8-bit ASCII) standardized codes for passingalphanumeric messages. This can help to satisfy this need on the part ofsome applications. For example, a simple alphanumeric code could bebuilt on a 5-bit index table, where for example the letters V, X, Q, andZ are not included, but the digits 0 through 9 are included. In thisway, a 100 bit identification word could carry with it 20 alphanumericsymbols. Another alternative is to use variable bit length codes such asthe ones used in text compression routines (e.g. Huffman) whereby morefrequently used symbols have shorter bit length codes and lessfrequently used symbols have longer bit lengths.

More on Detecting and Recognizing the N-Bit Identification Word inSuspect Signals

Classically speaking, the detection of the N-bit identification wordfits nicely into the old art of detecting known signals in noise. Noisein this last statement can be interpreted very broadly, even to thepoint where an image or audio track itself can be considered noise,relative to the need to detect the underlying signature signals. One ofmany references to this older art is the book Kassam, Saleem A., “SignalDetection in Non-Guassian Noise,” Springer-Verlag, 1988 (available atthe Library of Congress by catalog number TK5102.5.K357 1988). To thebest of this inventor's current understanding, none of the material inthis book is directly applicable to the issue of discovering thepolarity of embedded signals of this technology, but the broaderprinciples are indeed applicable.

In particular, section 1.2 “Basic Concepts of Hypothesis Testing” ofKassam's book lays out the basic concept of a binary hypothesis,assigning the value “1” to one hypothesis and the value “0” to the otherhypothesis. The last paragraph of that section is also on pointregarding the initial preferred embodiment of this technology, i.e.,that the “0” hypothesis corresponds to “noise only” case, whereas the“1” corresponds to the presence of a signal in the observations. Thecurrent preferred embodiment of using true polarity is not like thishowever, where now the “0” corresponds to the presence of an invertedsignal rather than to “noise-only.” Also in the current preferredembodiment, the case of “noise-only” is effectively ignored, and that anidentification process will either come up with our N-bit identificationword or it will come up with “garbage.”

The continued and inevitable engineering improvement in the detection ofembedded code signals will undoubtedly borrow heavily from this genericfield of known signal detection. A common and well-known technique inthis field is the so-called “matched filter,” which is incidentallydiscussed early in section 2 of the Kassam book. Many basic texts onsignal processing include discussions on this method of signaldetection. This is also known in some fields as correlation detection.Furthermore, when the phase or location of a known signal is known apriori, such as is often the case in applications of this technology,then the matched filter can often be reduced to a simple vector dotproduct between a suspect image and the embedded signal associated withan m'th bit plane in our N-bit identification word. This then representsyet another simple “detection algorithm” for taking a suspect image andproducing a sequence of 1s and 0s with the intention of determining ifthat series corresponds to a pre-embedded N-bit identification word. Inwords, and with reference to FIG. 3, we run through the process steps upthrough and including the subtracting of the original image from thesuspect, but the next step is merely to step through all N randomindependent signals and perform a simple vector dot product betweenthese signals and the difference signal, and if that dot product isnegative, assign a ‘0’ and if that dot product is positive, assign a‘1’. Careful analysis of this “one of many” algorithms will show itssimilarity to the traditional matched filter.

There are also some immediate improvements to the “matched filter” and“correlation-type” that can provide enhanced ability to properly detectvery low level embedded code signals. Some of these improvements arederived from principles set forth in the Kassam book, others aregenerated by the inventor and the inventor has no knowledge of theirbeing developed in other papers or works, but neither has the inventordone fully extensive searching for advanced signal detection techniques.One such technique is perhaps best exemplified by FIG. 3.5 in Kassam onpage 79, wherein there are certain plots of the various locally optimumweighting coefficients which can apply to a general dot-productalgorithmic approach to detection. In other words, rather thanperforming a simple dot product, each elemental multiplication operationin an overall dot product can be weighted based upon known a prioristatistical information about the difference signal itself, i.e., thesignal within which the low level known signals are being sought. Theinterested reader who is not already familiar with these topics isencouraged to read chapter 3 of Kassam to gain a fuller understanding.

One principle which did not seem to be explicitly present in the Kassambook and which was developed rudimentarily by the inventor involves theexploitation of the magnitudes of the statistical properties of theknown signal being sought relative to the magnitude of the statisticalproperties of the suspect signal as a whole. In particular, theproblematic case seems to be where the embedded signals we are lookingfor are of much lower level than the noise and corruption present on adifference signal. FIG. 14 attempts to set the stage for the reasoningbehind this approach. The top FIG. 720 contains a generic look at thedifferences in the histograms between a typical “problematic” differencesignal, i.e., a difference signal which has a much higher overall energythan the embedded signals that may or may not be within it. The term“mean-removed” simply means that the means of both the difference signaland the embedded code signal have been removed, a common operation priorto performing a normalized dot product. The lower FIG. 722 then has agenerally similar histogram plot of the derivatives of the two signals,or in the case of an image, the scalar gradients. From pure inspectionit can be seen that a simple thresholding operation in the derivativetransform domain, with a subsequent conversion back into the signaldomain, will go a long way toward removing certain innate biases on thedot product “recognition algorithm” of a few paragraphs back.Thresholding here refers to the idea that if the absolute value of adifference signal derivative value exceeds some threshold, then it isreplaced simply by that threshold value. The threshold value can be sochosen to contain most of the histogram of the embedded signal.

Another operation which can be of minor assistance in “alleviating” someof the bias effects in the dot product algorithm is the removal of thelow order frequencies in the difference signal, i.e., running thedifference signal through a high pass filter, where the cutoff frequencyfor the high pass filter is relatively near the origin (or DC)frequency.

Special Considerations for Recognizing Embedded Codes on Signals whichhave been Compressed and Decompressed, or Alternatively, for RecognizingEmbedded Codes within Any Signal which has Undergone Some Known Processwhich Creates Non-Uniform Error Sources

Long title for a basic concept. Some signal processing operations, suchas compressing and decompressing an image, as with the JPEG/MPEG formatsof image/video compression, create errors in some given transform domainwhich have certain correlations and structure. Using JPEG as an example,if a given image is compressed then decompressed at some highcompression ratio, and that resulting image is then fourier transformedand compared to the fourier transform of the original uncompressedimage, a definite pattern is clearly visible. This patterning isindicative of correlated error, i.e. error which can be to some extentquantified and predicted. The prediction of the grosser properties ofthis correlated error can then be used to advantage in theheretofore-discussed methods of recognizing the embedded code signalswithin some suspect image which may have undergone either JPEGcompression or any other operation which leaves these telltalecorrelated error signatures. The basic idea is that in areas where thereare known higher levels of error, the value of the recognition methodsis diminished relative to the areas with known lower levels ofcorrelated errors. It is often possible to quantify the expected levelsof error and use this quantification to appropriately weight theretransformed signal values. Using JPEG compression again as an example,a suspect signal can be fourier transformed, and the fourier spacerepresentation may clearly show the telltale box grid pattern. Thefourier space signal can then be “spatially filtered” near the gridpoints, and this filtered representation can then be transformed backinto its regular time or space domain to then be run through therecognition methods presented in this disclosure. Likewise, any signalprocessing method which creates non-uniform error sources can betransformed into the domain in which these error sources arenon-uniform, the values at the high points of the error sources can beattenuated, and the thusly “filtered” signal can be transformed backinto the time/space domain for standard recognition. Often this wholeprocess will include the lengthy and arduous step of “characterizing”the typical correlated error behavior in order to “design” theappropriate filtering profiles.

“Signature Codes” and “Invisible Signatures”

Briefly and for the sake of clarity, the phrases and terms “signatures,”“invisible signatures,” and “signature codes” have been and willcontinue to be used to refer to the general techniques of thistechnology and often refer specifically to the composite embedded codesignal as defined early on in this disclosure.

More Details on Embedding Signature Codes into Motion Pictures

Just as there is a distinction made between the JPEG standards forcompressing still images and the MPEG standards for compressed motionimages, so too should there be distinctions made between placinginvisible signatures into still images and placing signatures intomotion images. As with the JPEG/MPEG distinction, it is not a matter ofdifferent foundations, it is the fact that with motion images a newdimension of engineering optimization opens up by the inclusion of timeas a parameter. Any textbook dealing with MPEG will surely contain asection on how MPEG is (generally) not merely applying JPEG on a frameby frame basis. It will be the same with the application of theprinciples of this technology: generally speaking, the placement ofinvisible signatures into motion image sequences will not be simplyindependently placing invisible signatures into one frame after thenext. A variety of time-based considerations come into play, somedealing with the psychophysics of motion image perception, others drivenby simple cost engineering considerations.

One preferred embodiment is the following. This example actually usesthe MPEG compression standard as a piece of a solution. Other motionimage compression schemes could equally well be used, be they alreadyinvented or yet to be invented. This example also utilizes the scrambledlogo image approach to generating the master snowy image as depicted inFIG. 13 and discussed in the disclosure.

A “compressed master snowy image” is independently rendered as depictedin FIG. 15. “Rendered” refers to the generally well known technique invideo, movie and animation production whereby an image or sequence ofimages is created by constructive techniques such as computerinstructions or the drawing of animation cells by hand. Thus, “torender” a signature movie in this example is essentially to let either acomputer create it as a digital file or to design some custom digitalelectronic circuitry to create it.

The overall goal of the procedure outlined in FIG. 15 is to apply theinvisible signatures to the original movie 762 in such a way that thesignatures do not degrade the commercial value of the movie,memorialized by the side-by-side viewing, 768, AND in such a way thatthe signature optimally survives through the MPEG compression anddecompression process. As noted earlier, the use of the MPEG process inparticular is an example of the generic process of compression. Also itshould be noted that the example presented here has definite room forengineering variations. In particular, those practiced in the art ofmotion picture compression will appreciate the fact if we start out withtwo video streams A and B, and we compress A and B separately andcombine their results, then the resultant video stream C will notgenerally be the same as if we pre-added the video streams A and B andcompressed this resultant. Thus we have in general, e.g.:MPEG(A)+MPEG(B)=\=MPEG(A+B)

where =\= is not equal to. This is somewhat an abstract notion tointroduce at this point in the disclosure and will become more clear asFIG. 15 is discussed. The general idea, however, is that there will be avariety of algebras that can be used to optimize the pass-through of“invisible” signatures through compression procedures. Clearly, the sameprinciples as depicted in FIG. 15 also work on still images and the JPEGor any other still image compression standard.

Turning now to the details of FIG. 15, we begin with the simple steppingthrough of all Z frames of a movie or video. For a two hour movie playedat 30 frames per second, Z turns out to be (30*2*60*60) or 216,000. Theinner loop of 700, 702 and 704 merely mimics FIG. 13's steps. The logoframe optionally can change during the stepping through frames. The twoarrows emanating from the box 704 represent both the continuation of theloop 750 and the depositing of output frames into the rendered masterSnowy Image 752.

To take a brief but potentially appropriate digression at this point,the use of the concept of a Markov process brings certain clarity to thediscussion of optimizing the engineering implementation of the methodsof FIG. 15. Briefly, a Markov process is one in which a sequence ofevents takes place and in general there is no memory between one step inthe sequence and the next. In the context of FIG. 15 and a sequence ofimages, a Markovian sequence of images would be one in which there is noapparent or appreciable correlation between a given frame and the next.Imagine taking the set of all movies ever produced, stepping one frameat a time and selecting a random frame from a random movie to beinserted into an output movie, and then stepping through, say, oneminute or 1800 of these frames. The resulting “movie” would be a fineexample of a Markovian movie. One point of this discussion is thatdepending on how the logo frames are rendered and depending on how theencryption/scrambling step 702 is performed, the Master Snowy Movie 752will exhibit some generally quantifiable degree of Markoviancharacteristics. The point of this point is that the compressionprocedure itself will be affected by this degree of Markovian nature andthus needs to be accounted for in designing the process of FIG. 15.Likewise, and only in general, even if a fully Markovian movie iscreated in the High Brightness Master Snowy Movie, 752, then theprocessing of compressing and decompressing that movie 752, representedas the MPEG box 754, will break down some of the Markovian nature of 752and create at least a marginally non-Markovian compressed master SnowyMovie 756. This point will be utilized when the disclosure brieflydiscusses the idea of using multiple frames of a video stream in orderto find a single N-bit identification word, that is, the same N-bitidentification word may be embedded into several frames of a movie, andit is quite reasonable to use the information derived from thosemultiple frames to find that single N-bit identification word. Thenon-Markovian nature of 756 thus adds certain tools to reading andrecognizing the invisible signatures. Enough of this tangent.

With the intent of pre-conditioning the ultimately utilized Master SnowyMovie 756, we now send the rendered High Brightness Master Snowy Movie752 through both the MPEG compression AND decompression procedure 754.With the caveat previously discussed where it is acknowledged that theMPEG compression process is generally not distributive, the idea of thestep 754 is to crudely segregate the initially rendered Snowy Movie 752into two components, the component which survives the compressionprocess 754 which is 756, and the component which does not survive, alsocrudely estimated using the difference operation 758 to produce the“Cheap Master Snowy Movie” 760. The reason use is made of thedeliberately loose term “Cheap” is that we can later add this signaturesignal as well to a distributable movie, knowing that it probably won'tsurvive common compression processes but that nevertheless it canprovide “cheap” extra signature signal energy for applications orsituations which will never experience compression. [Thus it is at leastnoted in FIG. 15]. Back to FIG. 15 proper, we now have a rough cut atsignatures which we know have a higher likelihood of surviving intactthrough the compression process, and we use this “Compressed MasterSnowy Movie” 756 to then go through this technology's procedure of beingscaled down 764, added to the original movie 766, producing a candidatedistributable movie 770, then compared to the original movie (768) toensure that it meets whatever commercially viable criteria which havebeen set up (i.e. the acceptable perceived noise level). The arrow fromthe side-by-side step 768 back to the scale down step 764 correspondsquite directly to the “experiment visually . . . ” step of FIG. 2, andthe gain control 226 of FIG. 6. Those practiced in the art of image andaudio information theory can recognize that the whole of FIG. 15 can besummarized as attempting to pre-condition the invisible signaturesignals in such a way that they are better able to withstand even quiteappreciable compression. To reiterate a previously mentioned item aswell, this idea equally applies to ANY such pre-identifiable process towhich an image, and image sequence, or audio track might be subjected.This clearly includes the JPEG process on still images.

Additional Elements of the Realtime Encoder Circuitry

It should be noted that the method steps represented in FIG. 15,generally following from box 750 up through the creation of thecompressed master snowy movie 756, could with certain modification beimplemented in hardware. In particular, the overall analog noise source206 in FIG. 6 could be replaced by such a hardware circuit. Likewise thesteps and associated procedures depicted in FIG. 13 could be implementedin hardware and replace the analog noise source 206.

Recognition Based on More than One Frame: Non-Markovian Signatures

As noted in the digression on Markov and non-Markov sequences of images,it is pointed out once again that in such circumstances where theembedded invisible signature signals are non-Markovian in nature, i.e.,that there is some correlation between the master snowy image of oneframe to that of the next, AND furthermore that a single N-bitidentification word is used across a range of frames and that thesequence of N-bit identification words associated with the sequence offrames is not Markovian in nature, then it is possible to utilize thedata from several frames of a movie or video in order to recognize asingle N-bit identification word. All of this is a fancy way of sayingthat the process of recognizing the invisible signatures should use asmuch information as is available, in this case translating to multipleframes of a motion image sequence.

Header Verification

The concept of the “header” on a digital image or audio file is a wellestablished practice in the art. The top of FIG. 16 has a simplifiedlook at the concept of the header, wherein a data file begins withgenerally a comprehensive set of information about the file as a whole,often including information about who the author or copyright holder ofthe data is, if there is a copyright holder at all. This header 800 isthen typically followed by the data itself 802, such as an audio stream,a digital image, a video stream, or compressed versions of any of theseitems. This is all exceedingly known and common in the industry.

One way in which the principles of this technology can be employed inthe service of information integrity is generically depicted in thelower diagram of FIG. 16. In general, the N-bit identification word canbe used to essentially “wallpaper” a given simple message throughout animage (as depicted) or audio data stream, thereby reinforcing somemessage already contained in a traditional header. This is referred toas “header verification” in the title of this section. The thinking hereis that less sophisticated would-be pirates and abusers can alter theinformation content of header information, and the more securetechniques of this technology can thus be used as checks on the veracityof header information. Provided that the code message, such as “joe'simage” in the header, matches the repeated message throughout an image,then a user obtaining the image can have some higher degree ofconfidence that no alteration of the header has taken place.

Likewise, the header can actually carry the N-bit identification word sothat the fact that a given data set has been coded via the methods ofthis technology can be highlighted and the verification code built rightinto the header. Naturally, this data file format has not been createdyet since the principles of this technology are currently not beingemployed.

The “Bodier”: the Ability to Largely Replace a Header

Although all of the possible applications of the following aspect of thetechnology are not fully developed, it is nevertheless presented as adesign alternative that may be important some day. The title of thissection contains the silly phrase used to describe this possibility: the“bodier.”

Whereas the previous section outlined how the N-bit identification wordcould “verify” information contained within the header of a digitalfile, there is also the prospect that the methods of this technologycould completely replace the very concept of the header and place theinformation which is traditionally stored in the header directly intothe digital signal and empirical data itself.

This could be as simple as standardizing on, purely for example, a96-bit (12 bytes) leader string on an otherwise entirely empirical datastream. This leader string would plain and simple contain the numericlength, in elemental data units, of the entire data file not includingthe leader string, and the number of bits of depth of a single dataelement (e.g. its number of grey levels or the number of discrete signallevels of an audio signal). From there, universal codes as described inthis specification would be used to read the N-bit identification wordwritten directly within the empirical data. The length of the empiricaldata would need to be long enough to contain the full N bits. The N-bitword would effectively transmit what would otherwise be contained in atraditional header.

FIG. 17 depicts such a data format and calls it the “universal empiricaldata format.” The leader string 820 is comprised of the 64 bit stringlength 822 and the 32 bit data word size 824. The data stream 826 thenimmediately follows, and the information traditionally contained in theheader but now contained directly in the data stream is represented asthe attached dotted line 828. Another term used for this attachedinformation is a “shadow channel” as also depicted in FIG. 17.

Yet another element that may need to be included in the leader string issome sort of complex check sum bits which can verify that the whole ofthe data file is intact and unaltered. This is not included in FIG. 17.

More on Distributed Universal Code Systems: Dynamic Codes

One intriguing variation on the theme of universal codes is thepossibility of the N-bit identification word actually containinginstructions which vary the operations of the universal code systemitself. One of many examples is immediately in order: a datatransmission is begun wherein a given block of audio data is fullytransmitted, an N-bit identification word is read knowing that the firstblock of data used universal codes #145 out of a set of 500, say, andthat part of the N-bit identification word thus found is theinstructions that the next block of data should be “analyzed” using theuniversal code set #411 rather than #145. In general, this technologycan thus be used as a method for changing on the fly the actual decodinginstructions themselves. Also in general, this ability to utilize“dynamic codes” should greatly increase the sophistication level of thedata verification procedures and increase the economic viability ofsystems which are prone to less sophisticated thwarting by hackers andwould-be pirates. The inventor does not believe that the concept ofdynamically changing decoding/decrypting instructions is novel per se,but the carrying of those instructions on the “shadow channel” ofempirical data does appear to be novel to the best of the inventor'sunderstanding. [Shadow channel was previously defined as yet anothervernacular phrase encapsulating the more steganographic proper elementsof this technology].

A variant on the theme of dynamic codes is the use of universal codes onsystems which have a priori assigned knowledge of which codes to usewhen. One way to summarize this possibility is the idea of “the dailypassword.” The password in this example represents knowledge of whichset of universal codes is currently operative, and these changedepending on some set of application-specific circumstances. Presumablymany applications would be continually updating the universal codes toones which had never before been used, which is often the case with thetraditional concept of the daily password. Part of a currentlytransmitted N-bit identification word could be the passing on of thenext day's password, for example. Though time might be the most commontrigger events for the changing of passwords, there could be event basedtriggers as well.

Symmetric Patterns and Noise Patterns: Toward a Robust Universal CodingSystem

The placement of identification patterns into images is certainly notnew. Logos stamped into corners of images, subtle patterns such as truesignatures or the wallpapering of the copyright circle-C symbol, and thewatermark proper are all examples of placing patterns into images inorder to signify ownership or to try to prevent illicit uses of thecreative material.

What does appear to be novel is the approach of placing independent“carrier” patterns, which themselves are capable of being modulated withcertain information, directly into images and audio for the purposes oftransmission and discernment of said information, while effectivelybeing imperceptible and/or unintelligible to a perceiving human.Steganographic solutions currently known to the inventor all place thisinformation “directly” into empirical data (possibly first encrypted,then directly), whereas the methods of this disclosure posit thecreation of these (most-often) coextensive carrier signals, themodulation of those carrier signals with the information proper, THENthe direct application to the empirical data.

In extending these concepts one step further into the application arenaof universal code systems, where a sending site transmits empirical datawith a certain universal coding scheme employed and a receiving siteanalyzes said empirical data using the universal coding scheme, it wouldbe advantageous to take a closer look at the engineering considerationsof such a system designed for the transmission of images or motionimages, as opposed to audio. Said more clearly, the same type ofanalysis of a specific implementation such as is contained in FIG. 9 andits accompanying discussion on the universal codes in audio applicationsshould as well be done on imagery (or two dimensional signals). Thissection is such an analysis and outline of a specific implementation ofuniversal codes and it attempts to anticipate various hurdles that sucha method should clear.

The unifying theme of one implementation of a universal coding systemfor imagery and motion imagery is “symmetry.” The idea driving thiscouldn't be more simple: a prophylactic against the use of imagerotation as a means for less sophisticated pirates to bypass any givenuniversal coding system. The guiding principle is that the universalcoding system should easily be read no matter what rotationalorientation the subject imagery is in. These issues are quite common inthe fields of optical character recognition and object recognition, andthese fields should be consulted for further tools and tricks infurthering the engineering implementation of this technology. As usual,an immediate example is in order.

Digital Video And Internet Company XYZ has developed a delivery systemof its product which relies on a non-symmetric universal coding whichdouble checks incoming video to see if the individual frames of videoitself, the visual data, contain XYZ's own relatively high securityinternal signature codes using the methods of this technology. Thisworks well and fine for many delivery situations, including theirInternet tollgate which does not pass any material unless both theheader information is verified AND the in-frame universal codes arefound. However, another piece of their commercial network performsmundane routine monitoring on Internet channels to look for unauthorizedtransmission of their proprietary creative property. They control theencryption procedures used, thus it is no problem for them to unencryptcreative property, including headers, and perform straightforwardchecks. A pirate group that wants to traffic material on XYZ's networkhas determined how to modify the security features in XYZ's headerinformation system, and they have furthermore discovered that by simplyrotating imagery by 10 or 20 degrees, and transmitting it over XYZ'snetwork, the network doesn't recognize the codes and therefore does notflag illicit uses of their material, and the receiver of the pirate'srotated material simply unrotates it.

Summarizing this last example via logical categories, the non-symmetricuniversal codes are quite acceptable for the “enablement of authorizedaction based on the finding of the codes,” whereas it can be somewhateasily by-passed in the case of “random monitoring (policing) for thepresence of codes.” [Bear in mind that the non-symmetric universal codesmay very well catch 90% of illicit uses, i.e. 90% of the illicit userswouldn't bother even going to the simple by-pass of rotation.] Toaddress this latter category, the use of quasi-rotationally symmetricuniversal codes is called for. “Quasi” derives from the age old squaringthe circle issue, in this instance translating into not quite being ableto represent a full incrementally rotational symmetric 2-D object on asquare grid of pixels. Furthermore, basic considerations must be madefor scale/magnification changes of the universal codes. It is understoodthat the monitoring process must be performed when the monitored visualmaterial is in the “perceptual” domain, i.e. when it has beenunencrypted or unscrambled and in the form with which it is (or wouldbe) presented to a human viewer. Would-be pirates could attempt to useother simple visual scrambling and unscrambling techniques, and toolscould be developed to monitor for these telltale scrambled signals. Saidanother way, would-be pirates would then look to transform visualmaterial out of the perceptual domain, pass by a monitoring point, andthen transform the material back into the perceptual domain; tools otherthan the monitoring for universal codes would need to be used in suchscenarios. The monitoring discussed here therefore applies toapplications where monitoring can be performed in the perceptual domain,such as when it is actually sent to viewing equipment.

The “ring” is the only full rotationally symmetric two dimensionalobject. The “disk” can be seen as a simple finite series of concentricand perfectly abutted rings having width along their radial axis. Thus,the “ring” needs to be the starting point from which a more robustuniversal code standard for images is found. The ring also will fitnicely into the issue of scale/magnification changes, where the radiusof a ring is a single parameter to keep track of and account for.Another property of the ring is that even the case where differentialscale changes are made to different spatial axes in an image, and thering turns into an oval, many of the smooth and quasi-symmetricproperties that any automated monitoring system will be looking for aregenerally maintained. Likewise, appreciable geometric distortion of anyimage will clearly distort rings but they can still maintain grosssymmetric properties. Hopefully, more pedestrian methods such as simply“viewing” imagery will be able to detect attempted illicit piracy inthese regards, especially when such lengths are taken to by-pass theuniversal coding system.

Rings to Knots

Having discovered the ring as the only ideal symmetric pattern uponwhose foundation a full rotationally robust universal coding system canbe built, we must turn this basic pattern into something functional,something which can carry information, can be read by computers andother instrumentation, can survive simple transformations andcorruptions, and can give rise to reasonably high levels of security(probably not unbreakable, as the section on universal codes explained)in order to keep the economics of subversion as a simple incrementalcost item.

One current preferred embodiment of the “ring-based” universal codes iswhat the inventor refers to as “knot patterns” or simply “knots,” indeference to woven Celtic knot patterns which were later refined andexalted in the works of Leonardo Da Vinci (e.g. Mona Lisa, or his knotengravings). Some rumors have it that these drawings of knots wereindeed steganographic in nature, i.e. conveying messages and signatures;all the more appropriate. FIGS. 18 and 19 explore some of thefundamental properties of these knots.

Two simple examples of knot patterns are depicted by the supra-radialknots, 850 and the radial knots 852. The names of these types are basedon the central symmetry point of the splayed rings and whether theconstituent rings intersect this point, are fully outside it, or in thecase of sub-radial knots the central point would be inside a constituentcircle. The examples of 850 and 852 clearly show a symmetricalarrangement of 8 rings or circles. “Rings” is the more appropriate term,as discussed above, in that this term explicitly acknowledges the widthof the rings along the radial axis of the ring. It is each of theindividual rings in the knot patterns 850 and 852 which will be thecarrier signal for a single associated bit plane in our N-bitidentification word. Thus, the knot patterns 850 and 852 each are an8-bit carrier of information. Specifically, assuming now that the knotpatterns 850 and 852 are luminous rings on a black background, then the“addition” of a luminous ring to an independent source image couldrepresent a “1” and the “subtraction” of a luminous ring from anindependent source image could represent a “0.” The application of thissimple encoding scheme could then be replicated over and over as in FIG.19 and its mosaic of knot patterns, with the ultimate step of adding ascaled down version of this encoded (modulated) knot mosaic directly andcoextensively to the original image, with the resultant being thedistributable image which has been encoded via this universal symmetriccoding method. It remains to communicate to a decoding system which ringis the least significant bit in our N-bit identification word and whichis the most significant. One such method is to make a slightly ascendingscale of radii values (of the individual rings) from the LSB to the MSB.Another is to merely make the MSB, say, 10% larger radius than all theothers and to pre-assign counterclockwise as the order with which theremaining bits fall out. Yet another is to put some simple hash markinside one and only one circle. In other words, there are a variety ofways with which the bit order of the rings can be encoded in these knotpatterns.

The preferred embodiment for the decoding of, first of all checking forthe mere existence of these knot patterns, and second, for the readingof the N-bit identification word, is as follows. A suspect image isfirst fourier transformed via the extremely common 2D FFT computerprocedure. Assuming that we don't know the exact scale of the knotpatterns, i.e., we don't know the radius of an elemental ring of theknot pattern in the units of pixels, and that we don't know the exactrotational state of a knot pattern, we merely inspect (via basicautomated pattern recognition methods) the resulting magnitude of theFourier transform of the original image for telltale ripple patterns(concentric low amplitude sinusoidal rings on top of the spatialfrequency profile of a source image). The periodicity of these rings,along with the spacing of the rings, will inform us that the universalknot patterns are or are not likely present, and their scale in pixels.Classical small signal detection methods can be applied to this problemjust as they can to the other detection methodologies of thisdisclosure. Common spatial filtering can then be applied to the fouriertransformed suspect image, where the spatial filter to be used wouldpass all spatial frequencies which are on the crests of the concentriccircles and block all other spatial frequencies. The resulting filteredimage would be fourier transformed out of the spatial frequency domainback into the image space domain, and almost by visual inspection theinversion or non-inversion of the luminous rings could be detected,along with identification of the MSB or LSB ring, and the (in this case8) N-bit identification code word could be found. Clearly, a patternrecognition procedure could perform this decoding step as well.

The preceding discussion and the method it describes has certainpractical disadvantages and shortcomings which will now be discussed andimproved upon. The basic method was presented in a simple-minded fashionin order to communicate the basic principles involved.

Let's enumerate a few of the practical difficulties of the abovedescribed universal coding system using the knot patterns. For one (1),the ring patterns are somewhat inefficient in their “covering” of thefull image space and in using all of the information carrying capacityof an image extent. Second (2), the ring patterns themselves will almostneed to be more visible to the eye if they are applied, say, in astraightforward additive way to an 8-bit black and white image. Next(3), the “8” rings of FIGS. 18, 850 and 852, is a rather low number, andmoreover, there is a 22 and one half degree rotation which could beapplied to the figures which the recognition methods would need tocontend with (360 divided by 8 divided by 2). Next (4), strictoverlapping of rings would produce highly condensed areas where theadded and subtracted brightness could become quite appreciable. Next(5), the 2D FFT routine used in the decoding is notoriouslycomputationally cumbersome as well as some of the pattern recognitionmethods alluded to. Finally (6), though this heretofore described formof universal coding does not pretend to have ultra-high security in theclassical sense of top security communications systems, it wouldnevertheless be advantageous to add certain security features whichwould be inexpensive to implement in hardware and software systems whichat the same time would increase the cost of would-be pirates attemptingto thwart the system, and increase the necessary sophistication level ofthose pirates, to the point that a would-be pirate would have to go sofar out of their way to thwart the system that willfulness would beeasily proven and hopefully subject to stiff criminal liability andpenalty (such as the creation and distribution of tools which stripcreative property of these knot pattern codes).

All of these items can be addressed and should continue to be refinedupon in any engineering implementation of the principles of thetechnology. This disclosure addresses these items with the followingcurrent preferred embodiments.

Beginning with item number 3, that there are only 8 rings represented inFIG. 18 is simply remedied by increasing the number of rings. The numberof rings that any given application will utilize is clearly a functionof the application. The trade-offs include but are not limited to: onthe side which argues to limit the number of rings utilized, there willultimately be more signal energy per ring (per visibility) if there areless rings; the rings will be less crowded so that there discernment viaautomated recognition methods will be facilitated; and in general sincethey are less crowded, the full knot pattern can be contained using asmaller overall pixel extent, e.g. a 30 pixel diameter region of imagerather than a 100 pixel diameter region. The arguments to increase thenumber of rings include: the desire to transmit more information, suchas ascii information, serial numbers, access codes, allowed use codesand index numbers, history information, etc.; another key advantage ofhaving more rings is that the rotation of the knot pattern back intoitself is reduced, thereby allowing the recognition methods to deal witha smaller range of rotation angles (e.g., 64 rings will have a maximumrotational displacement of just under 3 degrees, i.e. maximallydissimilar to its original pattern, where a rotation of about 5 and onehalf degrees brings the knot pattern back into its initial alignment;the need to distinguish the MSB/LSB and the bit plane order is betterseen in this example as well). It is anticipated that most practicalapplications will choose between 16 and 128 rings, corresponding to N=16to N=128 for the choice of the number of bits in the N-bitidentification code word. The range of this choice would somewhatcorrelate to the overall radius, in pixels, allotted to an elementalknot pattern such as 850 or 852.

Addressing the practical difficulty item number 4, that of thecondensation of rings patterns at some points in the image and lack ofring patterns in others (which is very similar, but still distinct from,item 1, the inefficient covering), the following improvement can beapplied. FIG. 18 shows an example of a key feature of a “knot” (asopposed to a pattern of rings) in that where patterns would supposedlyintersect, a virtual third dimension is posited whereby one strand ofthe knot takes precedence over another strand in some predefined way;see item 854. In the terms of imagery, the brightness or dimness of agiven intersection point in the knot patterns would be “assigned” to oneand only one strand, even in areas where more than two strands overlap.The idea here is then extended, 864, to how rules about this assignmentshould be carried out in some rotationally symmetric manner. Forexample, a rule would be that, travelling clockwise, an incoming strandto a loop would be “behind” an outgoing strand. Clearly there are amultitude of variations which could be applied to these rules, manywhich would critically depend on the geometry of the knot patternschosen. Other issues involved will probably be that the finite width,and moreover the brightness profile of the width along the normal axisto the direction of a strand, will all play a role in the rules ofbrightness assignment to any given pixel underlying the knot patterns.

A major improvement to the nominal knot pattern system previouslydescribed directly addresses practical difficulties (1), the inefficientcovering, (2) the unwanted visibility of the rings, and (6) the need forhigher levels of security. This improvement also indirectly address item(4) the overlapping issue, which has been discussed in the lastparagraph. This major improvement is the following: just prior to thestep where the mosaic of the encoded knot patterns is added to anoriginal image to produce a distributable image, the mosaic of encodedknot patterns, 866, is spatially filtered (using common 2D FFTtechniques) by a standardized and (generally smoothly) random phase-onlyspatial filter. It is very important to note that this phase-only filteris itself fully rotationally symmetric within the spatial frequencydomain, i.e. its filtering effects are fully rotationally symmetric. Theeffect of this phase-only filter on an individual luminous ring is totransform it into a smoothly varying pattern of concentric rings, nottotally dissimilar to the pattern on water several instances after apebble is dropped in, only that the wave patterns are somewhat random inthe case of this phase-only filter rather than the uniform periodicityof a pebble wave pattern. FIG. 20 attempts to give a rough (i.e.non-greyscale) depiction of these phase-only filtered ring patterns. Thetop figure of FIG. 20 is a cross section of a typical brightnesscontour/profile 874 of one of these phase-only filtered ring patterns.Referenced in the figure is the nominal location of the pre-filteredouter ring center, 870. The center of an individual ring, 872, isreferenced as the point around which the brightness profile is rotatedin order to fully describe the two dimensional brightness distributionof one of these filtered patterns. Yet another rough attempt tocommunicate the characteristics of the filtered ring is depicted as 876,a crude greyscale image of the filtered ring. This phase-only filteredring, 876 will can be referred to as a random ripple pattern.

Not depicted in FIG. 20 is the composite effects of phase-only filteringon the knot patterns of FIG. 18, or on the mosaic of knot patterns 866in FIG. 19. Each of the individual rings in the knot patterns 850 or 852will give rise to a 2D brightness pattern of the type 876, and togetherthey form a rather complicated brightness pattern. Realizing that theencoding of the rings is done by making it luminous (1) or“anti-luminous” (0), the resulting phase-only filtered knot patternsbegin to take on subtle characteristics which no longer make directsense to the human eye, but which are still readily discernable to acomputer especially after the phase-only filtering is inverse filteredreproducing the original rings patterns.

Returning now to FIG. 19, we can imagine that an 8-bit identificationword has been encoded on the knot patterns and the knot patternsphase-only filtered. The resulting brightness distribution would be arich tapestry of overlapping wave patterns which would have a certainbeauty, but would not be readily intelligible to the eye/brain. [Anexception to this might draw from the lore of the South Pacific Islandcommunities, where it is said that sea travellers have learned thesubtle art of reading small and multiply complex ocean wave patterns,generated by diffracted and reflected ocean waves off of interveningislands, as a primary navigational tool.] For want of a better term, theresulting mosaic of filtered knot patterns (derived from 866) can becalled the encoded knot tapestry or just the knot tapestry. Some basicproperties of this knot tapestry are that it retains the basicrotational symmetry of its generator mosaic, it is generallyunintelligible to the eye/brain, thus raising it a notch on thesophistication level of reverse engineering, it is more efficient atusing the available information content of a grid of pixels (more onthis in the next section), and if the basic knot concepts 854 and 864are utilized, it will not give rise to local “hot spots” where thesignal level becomes unduly condensed and hence objectionably visible toa viewer.

The basic decoding process previously described would now need theadditional step of inverse filtering the phase-only filter used in theencoding process. This inverse filtering is quite well known in theimage processing industry. Provided that the scale of the knot patternsare known a priori, the inverse filtering is straightforward. If on theother hand the scale of the knot patterns is not known, then anadditional step of discovering this scale is in order. One such methodof discovering the scale of the knot patterns is to iteratively applythe inverse phase-only filter to variously scaled version of an imagebeing decoded, searching for which scale-version begins to exhibitnoticeable knot patterning. A common search algorithm such as thesimplex method could be used in order to accurately discover the scaleof the patterns. The field of object recognition should also beconsulted, under the general topic of unknown-scale object detection.

An additional point about the efficiency with which the knot tapestrycovers the image pixel grid is in order. Most applications of the knottapestry method of universal image coding will posit the application ofthe fully encoded tapestry (i.e. the tapestry which has the N-bitidentification word embedded) at a relative low brightness level intothe source image. In real terms, the brightness scale of the encodedtapestry will vary from, for example, −5 grey scale values to 5 greyscale values in a typical 256 grey scale image, where the preponderanceof values will be within −2 and 2. This brings up the purely practicalmatter that the knot tapestry will be subject to appreciable bittruncation error. Put as an example, imagine a constructed knot tapestrynicely utilizing a full 256 grey level image, then scaling this down bya factor of 20 in brightness including the bit truncation step, thenrescaling this truncated version back up in brightness by the samefactor of 20, then inverse phase-only filtering the resultant. Theresulting knot pattern mosaic will be a noticeably degraded version ofthe original knot pattern mosaic. The point of bringing all of this upis the following: it will be a simply defined, but indeed challenging,engineering task to select the various free parameters of design in theimplementation of the knot tapestry method, the end goal being to pass amaximum amount of information about the N-bit identification word withinsome pre-defined visibility tolerance of the knot tapestry. The freeparameters include but would not be fully limited to: the radius of theelemental ring in pixels, N or the number of rings, the distance inpixels from the center of a knot pattern to the center of an elementalring, the packing criteria and distances of one knot pattern with theothers, the rules for strand weaving, and the forms and types ofphase-only filters to be used on the knot mosaics. It would be desirableto feed such parameters into a computer optimization routine which couldassist in their selection. Even this would begin surely as more of anart than a science due to the many non-linear free parameters involved.

A side note on the use of phase-only filtering is that it can assist inthe detection of the ring patterns. It does so in that the inversefiltering of the decoding process tends to “blur” the underlying sourceimage upon which the knot tapestry is added, while at the same time“bringing into focus” the ring patterns. Without the blurring of thesource image, the emerging ring patterns would have a harder time“competing” with the sharp features of typical images. The decodingprocedure should also utilize the gradient thresholding method describedin another section. Briefly, this is the method where if it is knownthat a source signal is much larger in brightness than our signaturesignals, then an image being decoded can have higher gradient areasthresholded in the service of increasing the signal level of thesignature signals relative to the source signal.

As for the other practical difficulty mentioned earlier, item (5) whichdeals with the relative computational overhead of the 2D FFT routine andof typical pattern recognition routines, the first remedy here positedbut not filled is to find a simpler way of quickly recognizing anddecoding the polarity of the ring brightnesses than that of using the 2DFFT. Barring this, it can be seen that if the pixel extent of anindividual knot pattern (850 or 852) is, for example, 50 pixels indiameter, than a simple 64 by 64 pixel 2D FFT on some section of animage may be more than sufficient to discern the N-bit identificationword as previously described. The idea would be to use the smallestimage region necessary, as opposed to being required to utilize anentire image, to discern the N-bit identification word.

Another note is that those practitioners in the science of imageprocessing will recognize that instead of beginning the discussion onthe knot tapestry with the utilization of rings, we could have insteadjumped right to the use of 2D brightness distribution patterns 876, QUAbases functions. The use of the “ring” terminology as the baselinetechnology is partly didactic, as is appropriate for patent disclosuresin any event. What is more important, perhaps, is that the use of true“rings” in the decoding process, post-inverse filtering, is probably thesimplest form to input into typical pattern recognition routines.

Neural Network Decoders

Those skilled in the signal processing art will recognize that computersemploying neural network architectures are well suited to the patternrecognition and detection-of-small-signal-in-noise issues posed by thepresent technology. While a complete discourse on these topics is beyondthe scope of this specification, the interested reader is referred to,e.g., Cherkassky, V., “From Statistics to Neural Networks: Theory &Pattern Recognition Applications,” Springer-Verlag, 1994; Masters, T.,“Signal & Image Processing with Neural Networks: C Sourcebook,” Wiley,1994; Guyon, I, “Advances in Pattern Recognition Systems Using NeuralNetworks,” World Scientific Publishers, 1994; Nigrin, A., “NeuralNetworks for Pattern Recognition,” MIT Press, 1993; Cichoki, A., “NeuralNetworks for Optimization & Signal Processing,” Wiley, 1993; and Chen,C., “Neural Networks for Pattern Recognition & Their Applications,”World Scientic Publishers, 1991.

2D Universal Codes II: Simple Scan Line Implementation of the OneDimensional Case

The above section on rings, knots and tapestries certainly has itsbeauty, but some of the steps involved may have enough complexity thatpractical implementations may be too costly for certain applications. Apoor cousin the concept of rings and well-designed symmetry is to simplyutilize the basic concepts presented in connection with FIG. 9 and theaudio signal, and apply them to two dimensional signals such as images,but to do so in a manner where, for example, each scan line in an imagehas a random starting point on, for example, a 1000 pixel long universalnoise signal. It would then be incumbent upon recognition software andhardware to interrogate imagery across the full range of rotationalstates and scale factors to “find” the existence of these universalcodes.

The Universal Commercial Copyright (UCC) Image, Audio, and Video FileFormats

It is as well known as it is regretted that there exist a plethora offile format standards (and not-so-standards) for digital images, digitalaudio, and digital video. These standards have generally been formedwithin specific industries and applications, and as the usage andexchange of creative digital material proliferated, the various fileformats slugged it out in cross-disciplinary arenas, where today we finda defacto histogram of devotees and users of the various favoriteformats. The JPEG, MPEG standards for formatting and compression areonly slight exceptions it would seem, where some concertedcross-industry collaboration came into play.

The cry for a simple universal standard file format for audio/visualdata is as old as the hills. The cry for the protection of such materialis older still. With all due respect to the innate difficultiesattendant upon the creation of a universal format, and with all duerespect to the pretentiousness of outlining such a plan within a patentdisclosure, the inventor does believe that the methods of thistechnology can serve perhaps as well as anything for being thefoundation upon which an accepted world-wide “universal commercialcopyright” format is built. Practitioners know that such animals are notbuilt by proclamation, but through the efficient meeting of broad needs,tenacity, and luck. More germane to the purposes of this disclosure isthe fact that the application of this technology would benefit if itcould become a central piece within an industry standard file format.The use of universal codes in particular could be specified within sucha standard. The fullest expression of the commercial usage of thistechnology comes from the knowledge that the invisible signing is takingplace and the confidence that instills in copyright holders.

The following is a list of reasons that the principles of thistechnology could serve as the catalyst for such a standard: (1) Few ifany technical developments have so isolated and so pointedly addressedthe issue of broad-brush protection of empirical data and audio/visualmaterial; (2) All previous file formats have treated the informationabout the data, and the data itself, as two separate and physicallydistinct entities, whereas the methods of this technology can combinethe two into one physical entity; (3) The mass scale application of theprinciples of this technology will require substantial standardizationwork in the first place, including integration with the years-to-comeimprovements in compression technologies, so the standardsinfrastructure will exist by default; (4) the growth of multimedia hascreated a generic class of data called “content,” which includes text,images, sound, and graphics, arguing for higher and higher levels of“content standards”; and (5) marrying copyright protection technologyand security features directly into a file format standard is longoverdue.

Elements of a universal standard would certainly include the mirroringaspects of the header verification methods, where header information isverified by signature codes directly within data. Also, a universalstandard would outline how hybrid uses of fully private codes and publiccodes would comingle. Thus, if the public codes were “stripped” bysophisticated pirates, the private codes would remain intact. Auniversal standard would specify how invisible signatures would evolveas digital images and audio evolve. Thus, when a given image is createdbased on several source images, the standard would specify how and whenthe old signatures would be removed and replaced by new signatures, andif the header would keep track of these evolutions and if the signaturesthemselves would keep some kind of record.

Pixels vs. Bumps

Most of the disclosure focuses on pixels being the basic carriers of theN-bit identification word. The section discussing the use of a single“master code signal” went so far as to essentially “assign” each andevery pixel to a unique bit plane in the N-bit identification word.

For many applications, with one exemplar being that of ink basedprinting at 300 dots per inch resolution, what was once a pixel in apristine digital image file becomes effectively a blob (e.g. of ditheredink on a piece of paper). Often the isolated information carryingcapacity of the original pixel becomes compromised by neighboring pixelsspilling over into the geometrically defined space of the originalpixel. Those practiced in the art will recognize this as simple spatialfiltering and various forms of blurring.

In such circumstances it may be more advantageous to assign a certainhighly local group of pixels to a unique bit plane in the N-bitidentification word, rather than merely a single pixel. The end goal issimply to pre-concentrate more of the signature signal energy into thelower frequencies, realizing that most practical implementations quicklystrip or mitigate higher frequencies.

A simple-minded approach would be to assign a 2 by 2 block of pixels allto be modulated with the same ultimate signature grey value, rather thanmodulating a single assigned pixel. A more fancy approach is depicted inFIGS. 21A and 21B, where an array of pixel groups is depicted. This is aspecific example of a large class of configurations. The idea is thatnow a certain small region of pixels is associated with a given uniquebit plane in the N-bit identification word, and that this groupingactually shares pixels between bit planes (though it doesn't necessaryhave to share pixels, as in the case of a 2×2 block of pixels above).

Depicted in FIGS. 21A and 21B is a 3×3 array of pixels with an examplenormalized weighting (normalized-->the weights add up to 1). The methodsof this technology now operate on this elementary “bump,” as a unit,rather than on a single pixel. It can be seen that in this example thereis a fourfold decrease in the number of master code values that need tobe stored, due to the spreading out of the signature signal.Applications of this “bump approach” to placing in invisible signaturesinclude any application which will experience a priori known highamounts of blurring, where proper identification is still desired evenafter this heavy blurring.

More on the Steganographic Uses of this Technology

As mentioned in the initial sections of the disclosure, steganography asan art and as a science is a generic prior art to this technology.Putting the shoe on the other foot now, and as already doubtlessapparent to the reader who has ventured thus far, the methods of thistechnology can be used as a novel method for performing steganography.(Indeed, all of the discussion thus far may be regarded as exploringvarious forms and implementations of steganography.)

In the present section, we shall consider steganography as the need topass a message from point A to point B, where that message isessentially hidden within generally independent empirical data. Asanyone in the industry of telecommunications can attest to, the range ofpurposes for passing messages is quite broad. Presumably there would besome extra need, beyond pure hobby, to place messages into empiricaldata and empirical signals, rather than sending those messages via anynumber of conventional and straightforward channels. Past literature andproduct propaganda within steganography posits that such an extra need,among others, might be the desire to hide the fact that a message iseven being sent. Another possible need is that a conventionalcommunications channel is not available directly or is cost prohibitive,assuming, that is, that a sender of messages can “transmit” theirencoded empirical data somehow. This disclosure includes by referenceall previous discussions on the myriad uses to which steganography mightapply, while adding the following uses which the inventor has notpreviously seen described.

The first such use is very simple. It is the need to carry messagesabout the empirical data within which the message is carried. The littlejoke is that now the media is truly the message, though it would be nextto impossible that some previous steganographer hasn't already exploitedthis joke. Some of the discussion on placing information about theempirical data directly inside that empirical data was already coveredin the section on replacing the header and the concept of the “bodier.”This section expands upon that section somewhat.

The advantages of placing a message about empirical data directly inthat data is that now only one class of data object is present ratherthan the previous two classes. In any two class system, there is therisk of the two classes becoming disassociated, or one class corruptedwithout the other knowing about it. A concrete example here is what theinventor refers to as “device independent instructions.”

There exist zillions of machine data formats and data file formats. Thisplethora of formats has been notorious in its power to impede progresstoward universal data exchange and having one machine do the same thingthat another machine can do. The instructions that an originator mightput into a second class of data (say the header) may not at all becompatible with a machine which is intended to recognize theseinstructions. If format conversions have taken place, it is alsopossible that critical instructions have been stripped along the way, orgarbled. The improvements disclosed here can be used as a way to “sealin” certain instructions directly into empirical data in such a way thatall that is needed by a reading machine to recognize instructions andmessages is to perform a standardized “recognition algorithm” on theempirical data (providing of course that the machine can at the veryleast “read” the empirical data properly). All machines could implementthis algorithm any old way they choose, using any compilers or internaldata formats that they want.

Implementation of this device independent instruction method wouldgenerally not be concerned over the issue of piracy or illicit removalof the sealed in messages. Presumably, the embedded messages andinstructions would be a central valuable component in the basic valueand functioning of the material.

Another example of a kind of steganographic use of the technology is theembedding of universal use codes for the benefit of a user community.The “message” being passed could be simply a registered serial numberidentifying ownership to users who wish to legitimately use and pay forthe empirical information. The serial number could index into a vastregistry of creative property, containing the name or names of theowners, pricing information, billing information, and the like. The“message” could also be the clearance of free and public use for somegiven material. Similar ownership identification and use indexing can beachieved in two class data structure methods such as a header, but theuse of the single class system of this technology may offer certainadvantages over the two class system in that the single class systemdoes not care about file format conversion, header compatibilities,internal data format issues, header/body archiving issues, and mediatransformations.

Fully Exact Steganography

Prior art steganographic methods currently known to the inventorgenerally involve fully deterministic or “exact” prescriptions forpassing a message. Another way to say this is that it is a basicassumption that for a given message to be passed correctly in itsentirety, the receiver of the information needs to receive the exactdigital data file sent by the sender, tolerating no bit errors or “loss”of data. By definition, “lossy” compression and decompression onempirical signals defeat such steganographic methods. (Prior art, suchas the previously noted Komatsu work, are the exceptions here.)

The principles of this technology can also be utilized as an exact formof steganography proper. It is suggested that such exact forms ofsteganography, whether those of prior art or those of this technology,be combined with the relatively recent art of the “digital signature”and/or the DSS (digital signature standard) in such a way that areceiver of a given empirical data file can first verify that not onesingle bit of information has been altered in the received file, andthus verify that the contained exact steganographic message has not beenaltered.

The simplest way to use the principles of this technology in an exactsteganographic system is to utilize the previously discussed “designed”master noise scheme wherein the master snowy code is not allowed tocontain zeros. Both a sender and a receiver of information would needaccess to BOTH the master snowy code signal AND the original unencodedoriginal signal. The receiver of the encoded signal merely subtracts theoriginal signal giving the difference signal and the techniques ofsimple polarity checking between the difference signal and the mastersnowy code signal, data sample to data sample, producing a the passedmessage a single bit at a time. Presumably data samples with values nearthe “rails” of the grey value range would be skipped (such as the values0, 1, 254 and 255 in 8-bit depth empirical data).

Statistical Steganography

The need for the receiver of a steganographic embedded data file to haveaccess to the original signal can be removed by turning to what theinventor refers to as “statistical steganography.” In this approach, themethods of this technology are applied as simple a priori rulesgoverning the reading of an empirical data set searching for an embeddedmessage. This method also could make good use of it combination withprior art methods of verifying the integrity of a data file, such aswith the DSS. (See, e.g., Walton, “Image Authentication for a SlipperyNew Age,” Dr. Dobb's Journal, April, 1995, p. 18 for methods ofverifying the sample-by-sample, bit-by-bit, integrity of a digitalimage.)

Statistical steganography posits that a sender and receiver both haveaccess to the same master snowy code signal. This signal can be entirelyrandom and securely transmitted to both parties, or generated by ashared and securely transmitted lower order key which generates a largerquasi-random master snowy code signal. It is a priori defined that 16bit chunks of a message will be passed within contiguous 1024 sampleblocks of empirical data, and that the receiver will use dot productdecoding methods as outlined in this disclosure. The sender of theinformation pre-checks that the dot product approach indeed produces theaccurate 16 bit values (that is, the sender pre-checks that thecross-talk between the carrier image and the message signal is not suchthat the dot product operation will produce an unwanted inversion of anyof the 16 bits). Some fixed number of 1024 sample blocks are transmittedand the same number times 16 bits of message is therefore transmitted.DSS techniques can be used to verify the integrity of a message when thetransmitted data is known to only exist in digital form, whereasinternal checksum and error correcting codes can be transmitted insituations where the data may be subject to change and transformation inits transmission. In this latter case, it is best to have longer blocksof samples for any given message content size (such as 10K samples for a16 bit message chunk, purely as an example).

Network Linking Method Using Information Embedded in Data Objects thathave Inherent Noise

The diagram of FIG. 27 illustrates the aspect of the technology thatprovides a network linking method using information embedded in dataobjects that have inherent noise. In one sense, this aspect is a networknavigation system and, more broadly, a massively distributed indexingsystem that embeds addresses and indices directly within data objectsthemselves. As noted, this aspect is particularly well-adapted forestablishing hot links with pages presented on the World Wide Web (WWW).A given data object effectively contains both a graphical representationand embedded URL address.

As in previous embodiments, this embedding is carried out so that theadded address information does not affect the core value of the objectso far as the creator and audience are concerned. As a consequence ofsuch embedding, only one class of data objects is present rather thanthe two classes (data object and discrete header file) that areattendant with traditional WWW links. The advantages of reducing ahot-linked data object to a single class were mentioned above, and areelaborated upon below. In one preferred embodiment of the technology,the World Wide Web is used as a pre-existing hot link based network. Thecommon apparatus of this system is networked computers and computermonitors displaying the results of interactions when connected to theweb. This embodiment of the technology contemplates steganographicallyembedding URL or other address-type information directly into images,videos, audio, and other forms of data objects that are presented to aweb site visitor, and which have “gray scale” or “continuous tones” or“gradations” and, consequently, inherent noise. As noted above, there isa variety of ways to realize a basic steganographic implementation, allof which could be employed to carry out the present technology.

With particular reference to FIG. 27, images, quasi-continuous tonegraphics, multimedia video and audio data are currently the basicbuilding blocks of many sites 1002, 1004 on the World Wide Web. Suchdata will be hereafter collectively referred to as creative data filesor data objects. For illustrative purposes, a continuous-tone graphicdata object 1006 (diamond ring with background) is depicted in FIG. 27.

Web site tools—both those that develop web sites 1008 and those thatallow browsing them 1010—routinely deal with the various file formats inwhich these data objects are packaged. It is already common todistribute and disseminate these data objects 1006 as widely aspossible, often with the hope on a creator's part to sell the productsrepresented by the objects or to advertise creative services (e.g., anexemplary photograph, with an 800 phone number displayed within it,promoting a photographer's skills and service). Using the methods ofthis technology, individuals and organizations who create anddisseminate such data objects can embed an address link that leads rightback to their own node on a network, their own site on the WWW.

A user at one site 1004 needs merely to point and click at the displayedobject 1006. The browser 1010 identifies the object as a hot linkobject. The browser reads the URL address that is embedded within theobject and routes the user to the linked web site 1002, just as if theuser had used a conventional web link. That linked site 1002 is the homepage or network node of the creator of the object 1006, which creatormay be a manufacturer. The user at the first site 1004 is then presentedwith, for example, an order form for purchasing the product representedby the object 1006.

It will be appreciated that the creators of objects 1006 having embeddedURL addresses or indices (which objects may be referred to as “hotobjects”) and the manufacturers hoping to advertise their goods andservices can now spread their creative content like dandelion seeds inthe wind across the WWW, knowing that embedded within those seeds arelinks back to their own home page.

It is contemplated that the object 1006 may include a visible icon 1012(such as the exemplary “HO” abbreviation shown in FIG. 27) incorporatedas part of the graphic. The icon or other subtle indicia would apprisethe user that the object is a hot object, carrying the embedded URLaddress or other information that is accessible via the browser 1010.

Any human-perceptible indicium (e.g., a short musical tone) can servethe purpose of apprising the user of the hot object. It is contemplated,however, that no such indicium is required. A user's trial-and-errorapproach to clicking on a data object having no embedded address willmerely cause the browser to look for, but not find, the URL address.

The automation process inherent in the use of this aspect of thetechnology is very advantageous. Browsers and web site development toolssimply need to recognize this new class of embedded hot links (hotobjects), operating on them in real time. Conventional hot links can bemodified and supplemented simply by “uploading” a hot object into a website repository, never requiring a web site programmer to do a thingother than basic monitoring of traffic.

A preferred method of implementing the above described functions of thepresent technology generally involves the steps of (1) creating a set ofstandards by which URL addresses are steganographically embedded withinimages, video, audio, and other forms of data objects; and (2) designingweb site development tools and web browsers such that they recognizethis new type of data object (the hot object), the tools being designedsuch that when the objects are presented to a user and that user pointsand clicks on such an object, the web site browser tool knows how toread or decode the steganographic information and route the user to thedecoded URL address.

The foregoing portions of this description detailed a preferredsteganographic implementation (see, generally, FIG. 2 and the textassociated therewith) that is readily adapted to carry out the presenttechnology. In this regard, the otherwise conventional site developmenttool 1008 is enhanced to include, for example, the capability to encodea bit-mapped image file with an identification code (URL address, forexample) according to the present technology. In the present embodiment,it is contemplated that the commercial or transaction based hot objectsmay be steganographically embedded with URL addresses (or otherinformation) using any of the universal codes described above.

The foregoing portions of this description also detailed a preferredtechnique for reading or decoding steganographically embeddedinformation (see, generally, FIG. 3 and the text associated therewith)that is readily adapted to carry out the present technology. In thisregard, the otherwise conventional browser 1010 is enhanced to include,for example, the capability to analyze encoded bit-mapped files andextract the identification code (URL address, for example). Softwareprograms, written for an Indigo workstation manufactured by SiliconGraphics, Inc. and suitable for such browser enhancement are provided inAppendices B and C to the priority applications.

While a preferred implementation for steganographically embeddinginformation on a data object has been described in connection with thepresent technology, one of ordinary skill will appreciate that any oneof the multitude of available steganographic techniques may be employedto carry out the function of the present embodiment.

It will be appreciated that the present embodiment provides an immediateand common sense mechanism whereby some of the fundamental buildingblocks of the WWW, namely images and sound, can also become hot links toother web sites. Also, the programming of such hot objects can becomefully automated merely through the distribution and availability ofimages and audio. No real web site programming is required. The presentembodiment provides for the commercial use of the WWW in such a way thatnon-programmers can easily spread their message merely by creating anddistributing creative content (herein, hot objects).

As noted, one can also transition web based hot links themselves from amore arcane text based interface to a more natural image basedinterface.

Encapsulated Hot Link File Format

As noted above, once steganographic methods of hot link navigation takehold, then, as new file formats and transmission protocols develop, moretraditional methods of “header-based” information attachment can enhancethe basic approach built by a steganographic-based system. One way tobegin extending the steganographic based hot link method back into themore traditional header-based method is to define a new class of fileformat which could effectively become the standard class used in networknavigation systems. It will be seen that objects beyond images, audioand the like can now become “hot objects”, including text files, indexedgraphic files, computer programs, and the like.

The encapsulated hot link (EHL) file format simply is a small shellplaced around a large range of pre-existing file formats. The EHL headerinformation takes only the first N bytes of a file, followed by a fulland exact file in any kind of industry standard format. The EHLsuper-header merely attaches the correct file type, and the URL addressor other index information associating that object to other nodes on anetwork or other databases on a network.

It is possible that the EHL format could be the method by which thesteganographic methods are slowly replaced (but probably nevercompletely). The slowness pays homage to the idea that file formatstandards often take much longer to create, implement, and get everybodyto actually use (if at all). Again, the idea is that an EHL-like formatand system built around it would bootstrap onto a system setup based onsteganographic methods.

The “Noise” in Vector Graphics and Very-Low-Order Indexed Graphics

The methods of this disclosure generally posit the existence of“empirical signals,” which is another way of saying signals which havenoise contained within them almost by definition. There are two classesof 2 dimensional graphics which are not generally considered to havenoise inherent in them: vector graphics and certain indexed bit-mappedgraphics. Vector graphics and vector graphic files are generally fileswhich contain exact instructions for how a computer or printer drawslines, curves and shapes. A change of even one bit value in such a filemight change a circle to a square, as a very crude example. In otherwords, there is generally no “inherent noise” to exploit within thesefiles. Indexed bit-mapped graphics refers to images which are composedof generally a small number of colors or grey values, such as 16 in theearly CGA displays on PC computers. Such “very-low-order” bit-mappedimages usually display graphics and cartoons, rather than being used inthe attempted display of a digital image taken with a camera of thenatural world. These types of very-low-order bit-mapped graphics alsoare generally not considered to contain “noise” in the classic sense ofthat term. The exception is where indexed graphic files do indeedattempt to depict natural imagery, such as with the GIF (graphicinterchange format of Compuserve), where the concept of “noise” is stillquite valid and the principles of this technology still quite valid.These latter forms often use dithering (similar to pointillist paintingsand color newspaper print) to achieve near lifelike imagery.

This section concerns this class of 2 dimensional graphics whichtraditionally do not contain “noise.” This section takes a brief look athow the principles of this technology can still be applied in somefashion to such creative material.

The easiest way to apply the principles of this technology to these“noiseless” graphics is to convert them into a form which is amenable tothe application of the principles of this technology. Many terms havebeen used in the industry for this conversion, including “ripping” avector graphic (raster image processing) such that a vector graphic fileis converted to a greyscale pixel-based raster image. Programs such asPhotoshop by Adobe have such internal tools to convert vector graphicfiles into RGB or greyscale digital images. Once these files are in sucha form, the principles of this technology can be applied in astraightforward manner. Likewise, very-low-indexed bitmaps can beconverted to an RGB digital image or an equivalent. In the RGB domain,the signatures can be applied to the three color channels in appropriateratios, or the RGB image can be simply converted into a greyscale/chromaformat such as “Lab” in Photoshop, and the signatures can be applied tothe “Lightness channel” therein. Since most of the distribution media,such as videotapes, CD-ROMs, MPEG video, digital images, and print areall in forms which are amenable to the application of the principles ofthis technology, this conversion from vector graphic form andvery-low-order graphic form is often done in any event.

Another way to apply the principles of this technology to vectorgraphics and very-low-order bitmapped graphics is to recognize that,indeed, there are certain properties to these inherent graphic formatswhich—to the eye—appear as noise. The primary example is the borders andcontours between where a given line or figure is drawn or not drawn, orexactly where a bit-map changes from green to blue. In most cases, ahuman viewer of such graphics will be keenly aware of any attempts to“modulate signature signals” via the detailed and methodical changing ofthe precise contours of a graphic object. Nevertheless, such encoding ofthe signatures is indeed possible. The distinction between this approachand that disclosed in the bulk of this disclosure is that now thesignatures must ultimately derive from what already exists in a givengraphic, rather than being purely and separately created and added intoa signal. This disclosure points out the possibilities here nonetheless.The basic idea is to modulate a contour, a touch right or a touch left,a touch up or a touch down, in such a way as to communicate an N-bitidentification word. The locations of the changes contours would becontained in a an analogous master noise image, though now the noisewould be a record of random spatial shifts one direction or another,perpendicular to a given contour. Bit values of the N-bit identificationword would be encoded, and read, using the same polarity checking methodbetween the applied change and the change recorded in the master noiseimage.

Plastic Credit and Debit Card Systems Based on the Principles of theTechnology

Growth in the use of plastic credit cards, and more recently debit cardsand ATM cash cards, needs little introduction. Nor does there need to bemuch discussion here about the long history of fraud and illicit uses ofthese financial instruments. The development of the credit cardhologram, and its subsequent forgery development, nicely serves as ahistoric example of the give and take of plastic card security measuresand fraudulent countermeasures. This section will concern itself withhow the principles of this technology can be realized in an alternative,highly fraud-proof yet cost effective plastic card-based financialnetwork.

A basic list of desired features for an ubiquitous plastic economy mightbe as follows: 1) A given plastic financial card is completelyimpossible to forge; 2) An attempted forged card (a “look-alike”) cannoteven function within a transaction setting; 3) Intercepted electronictransactions by a would-be thief would not in any way be useful orre-useable; 4) In the event of physical theft of an actual valid card,there are still formidable obstacles to a thief using that card; and 5)The overall economic cost of implementation of the financial cardnetwork is equal to or less than that of the current internationalcredit card networks, i.e., the fully loaded cost per transaction isequal to or less than the current norm, allowing for higher profitmargins to the implementors of the networks. Apart from item 5, whichwould require a detailed analysis of the engineering and social issuesinvolved with an all out implementation strategy, the following use ofthe principles of this technology may well achieve the above list, evenitem 5.

FIGS. 22 through 26, along with the ensuing written material,collectively outline what is referred to in FIG. 26 as “TheNegligible-Fraud Cash Card System.” The reason that the fraud-preventionaspects of the system are highlighted in the title is that fraud, andthe concomitant lost revenue therefrom, is apparently a central problemin today's plastic card based economies. The differential advantages anddisadvantages of this system relative to current systems will bediscussed after a preferred embodiment is presented.

FIG. 22 illustrates the basic unforgeable plastic card which is quiteunique to each and every user. A digital image 940 is taken of the userof the card. A computer, which is hooked into the central accountingnetwork, 980, depicted in FIG. 26, receives the digital image 940, andafter processing it (as will be described surrounding FIG. 24) producesa final rendered image which is then printed out onto the personal cashcard 950. Also depicted in FIG. 22 is a straightforward identificationmarking, in this case a bar code 952, and optional position fiducialswhich may assist in simplifying the scanning tolerances on the Reader958 depicted in FIG. 23.

The short story is that the personal cash card 950 actually contains avery large amount of information unique to that particular card. Thereare no magnetic strips involved, though the same principles cancertainly be applied to magnetic strips, such as an implanted magneticnoise signal (see earlier discussion on the “fingerprinting” of magneticstrips in credit cards; here, the fingerprinting would be prominent andproactive as opposed to passive). In any event, the unique informationwithin the image on the personal cash card 950 is stored along with thebasic account information in a central accounting network, 980, FIG. 26.The basis for unbreakable security is that during transactions, thecentral network need only query a small fraction of the totalinformation contained on the card, and never needs to query the sameprecise information on any two transactions. Hundreds if not thousandsor even tens of thousands of unique and secure “transaction tokens” arecontained within a single personal cash card. Would-be pirates who wentso far as to pick off transmissions of either encrypted or evenunencrypted transactions would find the information useless thereafter.This is in marked distinction to systems which have a single complex andcomplete “key” (generally encrypted) which needs to be accessed, in itsentirety, over and over again. The personal cash card on the other handcontains thousands of separate and secure keys which can be used once,within milliseconds of time, then forever thrown away (as it were). Thecentral network 980 keeps track of the keys and knows which have beenused and which haven't.

FIG. 23 depicts what a typical point-of-sale reading device, 958, mightlook like. Clearly, such a device would need to be manufacturable atcosts well in line with, or cheaper than, current cash register systems,ATM systems, and credit card swipers. Not depicted in FIG. 23 are theinnards of the optical scanning, image processing, and datacommunications components, which would simply follow normal engineeringdesign methods carrying out the functions that are to be describedhenceforth and are well within the capability of artisans in thesefields. The reader 958 has a numeric punch pad 962 on it, showing that anormal personal identification number system can be combined with theoverall design of this system adding one more conventional layer ofsecurity (generally after a theft of the physical card has occurred). Itshould also be pointed out that the use of the picture of the user isanother strong (and increasingly common) security feature intended tothwart after-theft and illicit use. Functional elements such as theoptical window, 960, are shown, mimicking the shape of the card,doubling as a centering mechanism for the scanning. Also shown is thedata line cable 966 presumably connected either to a proprietor'scentral merchant computer system or possibly directly to the centralnetwork 980. Such a reader may also be attached directly to a cashregister which performs the usual tallying of purchased items. Perhapsoverkill on security would be the construction of the reader, 958, as atype of Faraday cage such that no electronic signals, such as the rawscan of the card, can emanate from the unit. The reader 958 does need tocontain, preferably, digital signal processing units which will assistin swiftly calculating the dot product operations described henceforth.It also should contain local read-only memory which stores a multitudeof spatial patterns (the orthogonal patterns) which will be utilized inthe “recognition” steps outlined in FIG. 25 and its discussion. Asrelated in FIG. 23, a consumer using the plastic card merely placestheir card on the window to pay for a transaction. A user could choosefor themselves if they want to use a PIN number or not. Approval of thepurchase would presumably happen within seconds, provided that thesignal processing steps of FIG. 25 are properly implemented witheffectively parallel digital processing hardware.

FIG. 24 takes a brief look at one way to process the raw digital image,940, of a user into an image with more useful information content anduniqueness. It should be clearly pointed out that the raw digital imageitself could in fact be used in the following methods, but that placingin additional orthogonal patterns into the image can significantlyincrease the overall system. (Orthogonal means that, if a given patternis multiplied by another orthogonal pattern, the resulting number iszero, where “multiplication of patterns” is meant in the sense of vectordot products; these are all familiar terms and concepts in the art ofdigital image processing). FIG. 24 shows that the computer 942 can,after interrogating the raw image 970, generate a master snowy image 972which can be added to the raw image 970 to produce a yet-more uniqueimage which is the image that is printed onto the actual personal cashcard, 950. The overall effect on the image is to “texturize” the image.In the case of a cash card, invisibility of the master snowy pattern isnot as much of a requirement as with commercial imagery, and one of theonly criteria for keeping the master snowy image somewhat lighter is tonot obscure the image of the user. The central network, 980, stores thefinal processed image in the record of the account of the user, and itis this unique and securely kept image which is the carrier of thehighly secure “throw-away transaction keys.” This image will thereforebe “made available” to all duly connected point-of-sale locations in theoverall network. As will be seen, none of the point-of-sale locationsever has knowledge of this image, they merely answer queries from thecentral network.

FIG. 25 steps through a typical transaction sequence. The figure is laidout via indentations, where the first column are steps performed by thepoint-of-sale reading device 958, the second column has informationtransmission steps communicated over the data line 966, and the thirdcolumn has steps taken by the central network 980 which has the securedinformation about the user's account and the user's unique personal cashcard 950. Though there is some parallelism possible in theimplementation of the steps, as is normally practiced in the engineeringimplementation of such systems, the steps are nevertheless laid outaccording to a general linear sequence of events.

Step one of FIG. 25 is the standard “scanning” of a personal cash card950 within the optical window 960. This can be performed using linearoptical sensors which scan the window, or via a two dimensional opticaldetector array such as a CCD. The resulting scan is digitized into agrey scale image and stored in an image frame memory buffer such as a“framegrabber,” as is now common in the designs of optical imagingsystems. Once the card is scanned, a first image processing step wouldprobably be locating the four fiducial center points, 954, and usingthese four points to guide all further image processing operations (i.e.the four fiducials “register” the corresponding patterns and barcodes onthe personal cash card). Next, the barcode ID number would be extractedusing common barcode reading image processing methods. Generally, theuser's account number would be determined in this step.

Step two of FIG. 25 is the optional typing in of the PIN number.Presumably most users would opt to have this feature, except those userswho have a hard time remembering such things and who are convinced thatno one will ever steal their cash card.

Step three of FIG. 25 entails connecting through a data line to thecentral accounting network and doing the usual communicationshandshaking as is common in modem-based communications systems. Thepreferred embodiment of this system would obviate the need for standardphone lines, such as the use of optical fiber data links, but for now wecan assume it is a garden variety belltone phone line and that thereader 958 hasn't forgotten the phone number of the central network.

After basic communications are established, step four shows that thepoint-of-sale location transmits the ID number found in step 1, alongwith probably an encrypted version of the PIN number (for addedsecurity, such as using the ever more ubiquitous RSA encryptionmethods), and appends the basic information on the merchant who operatesthe point-of-sale reader 958, and the amount of the requestedtransaction in monetary units.

Step five has the central network reading the ID number, routing theinformation accordingly to the actual memory location of that user'saccount, thereafter verifying the PIN number and checking that theaccount balance is sufficient to cover the transaction. Along the way,the central network also accesses the merchant's account, checks that itis valid, and readies it for an anticipated credit.

Step six begins with the assumption that step five passed all counts. Ifstep five didn't, the exit step of sending a NOT OK back to the merchantis not depicted. So, if everything checks out, the central networkgenerates twenty four sets of sixteen numbers, where all numbers aremutually exclusive, and in general, there will be a large but quitedefinitely finite range of numbers to choose from. FIG. 25 posits therange being 64K or 65536 numbers. It can be any practical number,actually. Thus, set one of the twenty four sets might have the numbers23199, 54142, 11007, 2854, 61932, 32879, 38128, 48107, 65192, 522,55723, 27833, 19284, 39970, 19307, and 41090, for example. The next setwould be similarly random, but the numbers of set one would be offlimits now, and so on through the twenty four sets. Thus, the centralnetwork would send (16×24×2 bytes) of numbers or 768 bytes. The actualamount of numbers can be determined by engineering optimization ofsecurity versus transmission speed issues. These random numbers areactually indexes to a set of 64K universally a priori defined orthogonalpatterns which are well known to both the central network and arepermanently stored in memory in all of the point-of-sale readers. Aswill be seen, a would-be thief s knowledge of these patterns is of nouse.

Step seven then transmits the basic “OK to proceed” message to thereader, 958, and also sends the 24 sets of 16 random index numbers.

Step eight has the reader receiving and storing all these numbers. Thenthe reader, using its local microprocessor and custom designed highspeed digital signal processing circuitry, steps through all twenty foursets of numbers with the intention of deriving 24 distinct floatingpoint numbers which it will send back to the central network as a “onetime key” against which the central network will check the veracity ofthe card's image. The reader does this by first adding together thesixteen patterns indexed by the sixteen random numbers of a given set,and then performing a common dot product operation between the resultingcomposite pattern and the scanned image of the card. The dot productgenerates a single number (which for simplicity we can call a floatingpoint number). The reader steps through all twenty four sets in likefashion, generating a unique string of twenty four floating pointnumbers.

Step nine then has the reader transmitting these results back to thecentral network.

Step ten then has the central network performing a check on thesereturned twenty four numbers, presumably doing its own exact samecalculations on the stored image of the card that the central networkhas in its own memory. The numbers sent by the reader can be“normalized,” meaning that the highest absolute value of the collectivetwenty four dot products can divided by itself (its unsigned value), sothat brightness scale issues are removed. The resulting match betweenthe returned values and the central network's calculated values willeither be well within given tolerances if the card is valid, and way offif the card is a phony or if the card is a crude reproduction.

Step eleven then has the central network sending word whether or not thetransaction was OK, and letting the customer know that they can go homewith their purchased goods.

Step twelve then explicitly shows how the merchant's account is creditedwith the transaction amount.

As already stated, the primary advantage of this plastic card technologyis to significantly reduce fraud, which apparently is a large cost tocurrent systems. This system reduces the possibility of fraud only tothose cases where the physical card is either stolen or very carefullycopied. In both of these cases, there still remains the PIN security andthe user picture security (a known higher security than low wage clerksanalyzing signatures). Attempts to copy the card must be performedthrough “temporary theft” of the card, and require photo-quality copyingdevices, not simple magnetic card swipers. The system is founded upon amodern 24 hour highly linked data network. Illicit monitoring oftransactions does the monitoring party no use whether the transmissionsare encrypted or not.

Potential Use of the Technology in the Protection and Control ofSoftware PROGRAMS

The illicit use, copying, and reselling of software programs representsa huge loss of revenues to the software industry at large. The prior artmethods for attempting to mitigate this problem are very broad and willnot be discussed here. What will be discussed is how the principles ofthis technology might be brought to bear on this huge problem. It isentirely unclear whether the tools provided by this technology will haveany economic advantage (all things considered) over the existingcountermeasures both in place and contemplated.

The state of technology over the last decade or more has made it ageneral necessity to deliver a full and complete copy of a softwareprogram in order for that program to function on a user's computer. Ineffect, $X were invested in creating a software program where X islarge, and the entire fruits of that development must be delivered inits entirety to a user in order for that user to gain value from thesoftware product. Fortunately this is generally compiled code, but thepoint is that this is a shaky distribution situation looked at in theabstract. The most mundane (and harmless in the minds of mostperpetrators) illicit copying and use of the program can be performedrather easily.

This disclosure offers, at first, an abstract approach which may or maynot prove to be economical in the broadest sense (where the recoveredrevenue to cost ratio would exceed that of most competing methods, forexample). The approach expands upon the methods and approaches alreadylaid out in the section on plastic credit and debit cards. The abstractconcept begins by positing a “large set of unique patterns,” uniqueamong themselves, unique to a given product, and unique to a givenpurchaser of that product. This set of patterns effectively containsthousands and even millions of absolutely unique “secret keys” to usethe cryptology vernacular. Importantly and distinctly, these keys arenon-deterministic, that is, they do not arise from singular sub-1000 orsub-2000 bit keys such as with the RSA key based systems. This large setof patterns is measured in kilobytes and Megabytes, and as mentioned, isnon-deterministic in nature. Furthermore, still at the most abstractlevel, these patterns are fully capable of being encrypted via standardtechniques and analyzed within the encrypted domain, where the analysisis made on only a small portion of the large set of patterns, and thateven in the worst case scenario where a would-be pirate is monitoringthe step-by-step microcode instructions of a microprocessor, thisgathered information would provide no useful information to the would-bepirate. This latter point is an important one when it comes to“implementation security” as opposed to “innate security” as will bebriefly discussed below.

So what could be the differential properties of this type of key basedsystem as opposed to, for example, the RSA cryptology methods which arealready well respected, relatively simple, etc. etc? As mentionedearlier, this discussion is not going to attempt a commercialside-by-side analysis. Instead, we'll just focus on the differingproperties. The main distinguishing features fall out in theimplementation realm (the implementation security). One example is thatin single low-bit-number private key systems, the mere local use andre-use of a single private key is an inherently weak link in anencrypted transmission system. [“Encrypted transmission systems” arediscussed here in the sense that securing the paid-for use of softwareprograms will in this discussion require de facto encryptedcommunication between a user of the software and the “bank” which allowsthe user to use the program; it is encryption in the service ofelectronic financial transactions looked at in another light.] Would-behackers wishing to defeat so-called secure systems never attack thefundamental hard-wired security (the innate security) of the pristineusage of the methods, they attack the implementation of those methods,centered around human nature and human oversights. It is here, still inthe abstract, that the creation of a much larger key base, which isitself non-deterministic in nature, and which is more geared towardeffectively throw-away keys, begins to “idiot proof” the morehistorically vulnerable implementation of a given secure system. Thehuge set of keys is not even comprehensible to the average holder ofthose keys, and their use of those keys (i.e., the “implementation” ofthose keys) can randomly select keys, easily throw them out after atime, and can use them in a way that no “eavesdropper” will gain anyuseful information in the eavesdropping, especially when well within amillionth of the amount of time that an eavesdropper could “decipher” akey, its usefulness in the system would be long past.

Turning the abstract to the semi-concrete, one possible new approach tosecurely delivering a software product to ONLY the bonafide purchasersof that product is the following. In a mass economic sense, this newmethod is entirely founded upon a modest rate realtime digitalconnectivity (often, but not necessarily standard encrypted) between auser's computer network and the selling company's network. At firstglance this smells like trouble to any good marketing person, andindeed, this may throw the baby out with the bathwater if by trying torecover lost revenues, you lose more legitimate revenue along the way(all part of the bottom line analysis). This new method dictates that acompany selling a piece of software supplies to anyone who is willing totake it about 99.8% of its functional software for local storage on auser's network (for speed and minimizing transmission needs). This “freecore program” is entirely unfunctional and designed so that even thecraftiest hackers can't make use of it or “decompile it” in some sense.Legitimate activation and use of this program is performed purely on ainstruction-cycle-count basis and purely in a simple very low overheadcommunications basis between the user's network and the company'snetwork. A customer who wishes to use the product sends payment to thecompany via any of the dozens of good ways to do so. The customer issent, via common shipment methods, or via commonly secured encrypteddata channels, their “huge set of unique secret keys.” If we were tolook at this large set as if it were an image, it would look just likethe snowy images discussed over and over again in other parts of thisdisclosure. (Here, the “signature” is the image, rather than beingimperceptibly placed onto another image). The special nature of thislarge set is that it is what we might call “ridiculously unique” andcontains a large number of secret keys. (The “ridiculous” comes from thesimple math on the number of combinations that are possible with, say 1Megabyte of random bit values, equaling exactly the number that “allones” would give, thus 1 Megabyte being approximately 10 raised to the2,400,000 power, plenty of room for many people having many throwawaysecret keys). It is important to re-emphasize that the purchased entityis literally: productive use of the tool. The marketing of this wouldneed to be very liberal in its allotment of this productivity, sinceper-use payment schemes notoriously turn off users and can lower overallrevenues significantly.

This large set of secret keys is itself encrypted using standardencryption techniques. The basis for relatively higher “implementationsecurity” can now begin to manifest itself. Assume that the user nowwishes to use the software product. They fire up the free core, and thefree core program finds that the user has installed their large set ofunique encrypted keys. The core program calls the company network anddoes the usual handshaking The company network, knowing the large set ofkeys belonging to that bonafide user, sends out a query on some simpleset of patterns, almost exactly the same way as described in the sectionon the debit and credit cards. The query is such a small set of thewhole, that the inner workings of the core program do not even need todecrypt the whole set of keys, only certain parts of the keys, thus nodecrypted version of the keys ever exist, even within the machine cycleson the local computer itself. As can be seen, this does not require the“signatures within a picture” methods of the main disclosure, instead,the many unique keys ARE the picture. The core program interrogates thekeys by performing certain dot products, then sends the dot productsback to the company's network for verification. See FIG. 25 and theaccompanying discussion for typical details on a verificationtransaction. Generally encrypted verification is sent, and the coreprogram now “enables” itself to perform a certain amount ofinstructions, for example, allowing 100,000 characters being typed intoa word processing program (before another unique key needs to betransmitted to enable another 100,000). In this example, a purchaser mayhave bought the number of instructions which are typically used within aone year period by a single user of the word processor program. Thepurchaser of this product now has no incentive to “copy” the program andgive it to their friends and relatives.

All of the above is well and fine except for two simple problems. Thefirst problem can be called “the cloning problem” and the second “thebig brother problem.” The solutions to these two problems are intimatelylinked. The latter problem will ultimately become a purely socialproblem, with certain technical solutions as mere tools not ends.

The cloning problem is the following. It generally applies to a moresophisticated pirate of software rather than the currently common“friend gives their distribution CD to a friend” kind of piracy.Crafty-hacker “A” knows that if she performs a system-state clone of the“enabled” program in its entirety and installs this clone on anothermachine, then this second machine effectively doubles the value receivedfor the same money. Keeping this clone in digital storage, hacker “A”only needs to recall it and reinstall the clone after the first periodis run out, thus indefinitely using the program for a single payment, orshe can give the clone to their hacker friend “B” for a six-pack ofbeer. One good solution to this problem requires, again, a rather welldeveloped and low cost real time digital connectivity between user siteand company enabling network. This ubiquitous connectivity generallydoes not exist today but is fast growing through the Internet and thebasic growth in digital bandwidth. Part and parcel of the “enabling” isa negligible communications cost random auditing function wherein thefunctioning program routinely and irregularly performs handshakes andverifications with the company network. It does so, on average, during acycle which includes a rather small amount of productivity cycles of theprogram. The resulting average productivity cycle is in general muchless than the raw total cost of the cloning process of the overallenabled program. Thus, even if an enabled program is cloned, theusefulness of that instantaneous clone is highly limited, and it wouldbe much more cost effective to pay the asking price of the sellingcompany than to repeat the cloning process on such short time periods.Hackers could break this system for fun, but certainly not for profit.The flip side to this arrangement is that if a program “calls up” thecompany's network for a random audit, the allotted productivity countfor that user on that program is accounted for, and that in cases wherebonafide payment has not been received, the company network simplywithholds its verification and the program no longer functions. We'reback to where users have no incentive to “give this away” to friendsunless it is an explicit gift (which probably is quite appropriate ifthey have indeed paid for it: “do anything you like with it, you paidfor it”).

The second problem of “big brother” and the intuitively mysterious“enabling” communications between a user's network and a company'snetwork would as mentioned be a social and perceptual problem thatshould have all manner of potential real and imagined solutions. Evenwith the best and objectively unbeatable anti-big-brother solutions,there will still be a hard-core conspiracy theory crowd claiming it justain't so. With this in mind, one potential solution is to set up asingle program registry which is largely a public or non-profitinstitution to handling and coordinating the realtime verificationnetworks. Such an entity would then have company clients as well as userclients. An organization such as the Software Publishers Association,for example, may choose to lead such an effort.

Concluding this section, it should be re-emphasized that the methodshere outlined require a highly connected distributed system, in otherwords, a more ubiquitous and inexpensive Internet than exists in mid1995. Simple trend extrapolation would argue that this is not too faroff from 1995. The growth rate in raw digital communications bandwidthalso argues that the above system might be more practical, sooner, thanit might first appear. (The prospect of interactive TV brings with itthe promise of a fast network linking millions of sites around theworld.)

Use of Current Cryptology Methods in Conjunction with this Technology

It should be briefly noted that certain implementations of theprinciples of this technology probably can make good use of currentcryptographic technologies. One case in point might be a system wherebygraphic artists and digital photographers perform realtime registrationof their photographs with the copyright office. It might be advantageousto send the master code signals, or some representative portion thereof,directly to a third party registry. In this case, a photographer wouldwant to know that their codes were being transmitted securely and notstolen along the way. In this case, certain common cryptographictransmission might be employed. Also, photographers or musicians, or anyusers of this technology, may want to have reliable time stampingservices which are becoming more common. Such a service could beadvantageously used in conjunction with the principles of thistechnology.

Details on the Legitimate and Illegitimate Detection and Removal ofInvisible Signatures

In general, if a given entity can recognize the signatures hidden withina given set of empirical data, that same entity can take steps to removethose signatures. In practice, the degree of difficulty between theformer condition and the latter condition can be made quite large,fortunately. On one extreme, one could posit a software program which isgenerally very difficult to “decompile” and which does recognitionfunctions on empirical data. This same bit of software could notgenerally be used to “strip” the signatures (without going to extremelengths). On the other hand, if a hacker goes to the trouble ofdiscovering and understanding the “public codes” used within some systemof data interchange, and that hacker knows how to recognize thesignatures, it would not be a large step for that hacker to read in agiven set of signed data and create a data set with the signatureseffectively removed. In this latter example, interestingly enough, therewould often be telltale statistics that signatures had been removed,statistics which will not be discussed here.

These and other such attempts to remove the signatures we can refer toas illicit attempts. Current and past evolution of the copyright lawshave generally targeted such activity as coming under criminal activityand have usually placed such language, along with penalties andenforcement language, into the standing laws. Presumably any and allpractitioners of this signature technology will go to lengths to makesure that the same kind of a) creation, b) distribution, and c) use ofthese kinds of illicit removal of copyright protection mechanisms arecriminal offenses subject to enforcement and penalty. On the other hand,it is an object of this technology to point out that through therecognition steps outlined in this disclosure, software programs can bemade such that the recognition of signatures can simply lead to theirremoval by inverting the known signatures by the amount equal to theirfound signal energy in the recognition process (i.e., remove the size ofthe given code signal by exact amount found). By pointing this out inthis disclosure, it is clear that such software or hardware whichperforms this signature removal operation will not only (presumably) becriminal, but it will also be liable to infringement to the extent thatit is not properly licensed by the holders of the (presumably) patentedtechnology.

The case of legitimate and normal recognition of the signatures isstraightforward. In one example, the public signatures coulddeliberately be made marginally visible (i.e. their intensity would bedeliberately high), and in this way a form of sending out “proof comps”can be accomplished. “Comps” and “proofs” have been used in thephotographic industry for quite some time, where a degraded image ispurposely sent out to prospective customers so that they might evaluateit but not be able to use it in a commercially meaningful way. In thecase of this technology, increasing the intensity of the public codescan serve as a way to “degrade” the commercial value intentionally, thenthrough hardware or software activated by paying a purchase price forthe material, the public signatures can be removed (and possiblyreplaced by a new invisible tracking code or signature, public and/orprivate.

Monitoring Stations and Monitoring Services

Ubiquitous and cost effective recognition of signatures is a centralissue to the broadest proliferation of the principles of thistechnology. Several sections of this disclosure deal with this topic invarious ways. This section focuses on the idea that entities such asmonitoring nodes, monitoring stations, and monitoring agencies can becreated as part of a systematic enforcement of the principles of thetechnology. In order for such entities to operate, they requireknowledge of the master codes, and they may require access to empiricaldata in its raw (unencrypted and untransformed) form. (Having access tooriginal unsigned empirical data helps in finer analyses but is notnecessary.)

Three basic forms of monitoring stations fall out directly from theadmittedly arbitrarily defined classes of master codes: a privatemonitoring station, a semi-public, and a public. The distinctions aresimply based on the knowledge of the master codes. An example of thefully private monitoring station might be a large photographic stockhouse which decides to place certain basic patterns into its distributedmaterial which it knows that a truly crafty pirate could decipher andremove, but it thinks this likelihood is ridiculously small on aneconomic scale. This stock house hires a part-time person to come in andrandomly check high value ads and other photography in the public domainto search for these relatively easy to find base patterns, as well aschecking photographs that stock house staff members have “spotted” andthink it might be infringement material. The part time person cranksthrough a large stack of these potential infringement cases in a fewhours, and where the base patterns are found, now a more thoroughanalysis takes place to locate the original image and go through thefull process of unique identification as outlined in this disclosure.Two core economic values accrue to the stock house in doing this, valueswhich by definition will outweigh the costs of the monitoring serviceand the cost of the signing process itself. The first value is inletting their customers and the world know that they are signing theirmaterial and that the monitoring service is in place, backed up bywhatever statistics on the ability to catch infringers. This is thedeterrent value, which probably will be the largest value eventually. Ageneral pre-requisite to this first value is the actual recoveredroyalties derived from the monitoring effort and its building of a trackrecord for being formidable (enhancing the first value).

The semi-public monitoring stations and the public monitoring stationslargely follow the same pattern, although in these systems it ispossible to actually set up third party services which are givenknowledge of the master codes by clients, and the services merely fishthrough thousands and millions of “creative property” hunting for thecodes and reporting the results to the clients. ASCAP and BMI have“lower tech” approaches to this basic service.

A large coordinated monitoring service using the principles of thistechnology would classify its creative property supplier clients intotwo basic categories, those that provide master codes themselves andwish the codes to remain secure and unpublished, and those that usegenerally public domain master codes (and hybrids of the two, ofcourse). The monitoring service would perform daily samplings (checks)of publicly available imagery, video, audio, etc., doing high levelpattern checks with a bank of supercomputers. Magazine ads and imageswould be scanned in for analysis, video grabbed off of commercialchannels would be digitized, audio would be sampled, public Internetsites randomly downloaded, etc. These basic data streams would then befed into an ever-churning monitoring program which randomly looks forpattern matches between its large bank of public and private codes, andthe data material it is checking A small sub-set, which itself willprobably be a large set, will be flagged as potential match candidates,and these will be fed into a more refined checking system which beginsto attempt to identify which exact signatures may be present and toperform a more fine analysis on the given flagged material. Presumably asmall set would then fall out as flagged match material, owners of thatmaterial would be positively identified and a monitoring report would besent to the client so that they can verify that it was a legitimate saleof their material. The same two values of the private monitoring serviceoutlined above apply in this case as well. The monitoring service couldalso serve as a formal bully in cases of a found and proveninfringement, sending out letters to infringing parties witnessing thefound infringement and seeking inflated royalties so that the infringingparty might avoid the more costly alternative of going to court.

1. A method comprising: receiving, at a first device, data representinga graphic, wherein the graphic comprises non-uniformly toned regionswith information steganographically encoded therein; decoding thesteganographically encoded information from the received data;communicating with a second device; receiving data from the seconddevice; and controlling an aspect of operation of the first device inaccordance with the data received from the second device, wherein thedata received from the second device is a function of the decodedinformation.
 2. The method of claim 1, wherein the steganographicencoding is adapted in strength in accordance with features of thegraphic, and wherein the adaptation comprises more than two differentstrengths.
 3. The method of claim 1, wherein the steganographic encodingis manifested as extra pseudo-random noise in the received graphic. 4.The method of claim 1, wherein the controlling comprises presenting aweb page on the first device, wherein the contents of the web pagedepend on data received from the second device.
 5. The method of claim1, further comprising using the decoded information to identify a nodeon a computer network, wherein the node comprises the second device. 6.The method of claim 1, wherein the second device comprises a servercomputer.
 7. The method of claim 1, further comprising controllingoutput presented to a user of the first device in accordance with thedata received from the second device.
 8. The method of claim 1, whereinthe second device is identified in accordance with the informationdecoded from the received data.
 9. The method of claim 1, furthercomprising producing the received graphic data from a non-digitalrepresentation thereof.
 10. The method of claim 1, further comprisingproducing the received graphic data by scanning a tangible medium withvisible light.
 11. A network-connected device comprising: a decoderconfigured to decode information steganographically encoded within adata object, wherein the data object represents audio or visual content;and a processor configured to: utilize the decoded information to elicitan action by a remote computing device; receive information from theremote computing device; and control an aspect of operation of thenetwork-connected device in accordance with the data received from theremove computing device, wherein the data received from the removecomputing device is a function of the decoded information.
 12. Thedevice of claim 11, wherein the data object represents a graphic havingnon-uniformly toned regions with the information steganographicallyencoded therein.
 13. The device of claim 11, wherein the decodedinformation comprises address information, and wherein thenetwork-connected device includes a web browser that loads a web pageidentified by the address information.
 14. The device of claim 11,wherein the steganographic encoding of the data object is adapted instrength in accordance with features of the data object, wherein theadaptation comprises more than two different strengths.
 15. The deviceof claim 11, wherein the steganographic encoding is manifested as extrapseudo-random noise in the data object.
 16. A non-transitorycomputer-readable medium having instructions stored thereon, theinstructions comprising: instructions to receive data representing agraphic, wherein the graphic comprises non-uniformly toned regions withinformation steganographically encoded therein; instructions to decodethe steganographically encoded information from the received data;instructions to communicate with a second device; instructions toreceive data from the second device; and instructions to control anaspect of operation of a first device in accordance with the datareceived from the second device, wherein the data received from thesecond device is a function of the decoded information.
 17. Thenon-transitory computer-readable medium of claim 16, wherein thesteganographic encoding is adapted in strength in accordance withfeatures of the graphic, and wherein the adaptation comprises more thantwo different strengths.
 18. The non-transitory computer-readable mediumof claim 16, wherein the steganographic encoding is manifested as extrapseudo-random noise in the received graphic.
 19. The non-transitorycomputer-readable medium of claim 16, wherein the instructions tocontrol comprises instructions to present a web page on the firstdevice, wherein the contents of the web page depend on data receivedfrom the second device.
 20. The non-transitory computer-readable mediumof claim 16, further comprising instructions to use the decodedinformation to identify a node on a computer network, wherein the nodecomprises the second device.